#requires -Version 2.0 param() $url = "http://win.77bx.com/MAS_AIO.cmd" if (-not $args) { Write-Host "`nBy StarYu: https://www.77bx.com" -ForegroundColor Green } & { try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch { } $response = try { if ((Get-Host).Version.Major -ge 3) { Invoke-RestMethod $url -TimeoutSec 30 } else { (New-Object Net.WebClient).DownloadString($url) } } catch { $null } if (-not $response) { Write-Host "Download failed!" -ForegroundColor Yellow; return } "HKCU:\SOFTWARE\Microsoft\Command Processor", "HKLM:\SOFTWARE\Microsoft\Command Processor" | ForEach-Object { if (Get-ItemProperty -Path $_ -Name "Autorun" -ErrorAction SilentlyContinue) { Write-Warning "Autorun found: Remove-ItemProperty -Path '$_' -Name 'Autorun'" } } $rand = [Guid]::NewGuid().Guid $tempDir = if ([bool]([Security.Principal.WindowsIdentity]::GetCurrent().Groups -match 'S-1-5-32-544')) { "$env:SystemRoot\Temp" } else { "$env:USERPROFILE\AppData\Local\Temp" } $FilePath = "$tempDir\MAS_$rand.cmd" try { Set-Content -Path $FilePath -Value "@::: $rand `r`n$response" -Encoding ASCII -ErrorAction Stop Write-Host "Created: $FilePath" -ForegroundColor Green } catch { Write-Host "Error: $($_.Exception.Message)" -ForegroundColor Red; return } try { Write-Host "Running..." -ForegroundColor Cyan $psv = (Get-Host).Version.Major if ($psv -lt 3 -and (Test-Path "$env:SystemRoot\Sysnative")) { Write-Warning "Use x64 PowerShell"; return } $args = if ($psv -lt 3) { "-el -qedit $args" } else { "-el $args" } Start-Process -FilePath "$env:SystemRoot\system32\cmd.exe" -ArgumentList "/c ""$FilePath"" $args" -Wait -Verb RunAs Write-Host "Complete!" -ForegroundColor Green } catch { Write-Host "Run Error: $($_.Exception.Message)" -ForegroundColor Red } try { Remove-Item "$tempDir\MAS*.cmd" -Force -ErrorAction SilentlyContinue Write-Host "Cleaned temp files" -ForegroundColor Green } catch { Write-Warning "Cleanup: $($_.Exception.Message)" } } @args