diff --git a/payloads/library/incident_response/GoodUSB.txt b/payloads/library/incident_response/GoodUSB/payload.txt
similarity index 96%
rename from payloads/library/incident_response/GoodUSB.txt
rename to payloads/library/incident_response/GoodUSB/payload.txt
index 5ac443d..2347b64 100644
--- a/payloads/library/incident_response/GoodUSB.txt
+++ b/payloads/library/incident_response/GoodUSB/payload.txt
@@ -52,4 +52,4 @@ LEFT
 ENTER
 DELAY 4000
 STRING mkdir $env:USERPROFILE\AppData\Local\Temp ; cd $env:USERPROFILE\AppData\Local\Temp ; Invoke-WebRequest -Uri https://www.clamav.net/downloads/production/clamav-0.105.0.win.x64.zip -OutFile clam.zip ; Expand-Archive -Force clam.zip ; del clam.zip ; cd clam\* ; mv .\conf_examples\freshclam.conf.sample freshclam.conf ; mv .\conf_examples\clamd.conf.sample clamd.conf ; Set-Content -Path "freshclam.conf" -Value (get-content -Path "freshclam.conf" | Select-String -Pattern 'Example' -NotMatch) ; Set-Content -Path "clamd.conf" -Value (get-content -Path "clamd.conf" | Select-String -Pattern 'Example' -NotMatch) ; Start-Process -Wait .\freshclam.exe ; Start-Process -NoNewWindow -Wait .\clamscan.exe "--memory --kill" ; cd $env:USERPROFILE\AppData\Local\Temp ; rmdir -R clam
-ENTER
\ No newline at end of file
+ENTER