Evade AV's detection - 5

This commit is contained in:
WindowsAddict 2023-10-25 02:14:51 +05:30
parent 068903c63f
commit e16354561b

View File

@ -3,16 +3,7 @@
@echo off @echo off
::========================================================================================================================================
::============================================================================
::
:: This script is a part of 'Microsoft_Activation_Scripts' project.
::
:: Homepage: https://massgrave[.]dev
:: Email: windowsaddict@protonmail.com
::
::============================================================================
:: To activate Office with Ohook activation, run the script with "/Ohook" parameter or change 0 to 1 in below line :: To activate Office with Ohook activation, run the script with "/Ohook" parameter or change 0 to 1 in below line
@ -24,7 +15,6 @@ set _rem=0
:: If value is changed in above lines or parameter is used then script will run in unattended mode :: If value is changed in above lines or parameter is used then script will run in unattended mode
::======================================================================================================================================== ::========================================================================================================================================
:: Set Path variable, it helps if it is misconfigured in the system :: Set Path variable, it helps if it is misconfigured in the system
@ -559,7 +549,7 @@ echo Adding Reg Keys To Skip License Check [Successful]
::======================================================================================================================================== ::========================================================================================================================================
:: mass grave[.]dev/office-license-is-not-genuine.html :: mass[]grave[.]dev/office-license-is-not-genuine.html
:: Add registry keys for volume products so that 'non-genuine' banner won't appear :: Add registry keys for volume products so that 'non-genuine' banner won't appear
:: Script already is using MAK instead of GVLK so it won't appear anyway, but registry keys are added incase Office installs default GVLK grace key for volume products :: Script already is using MAK instead of GVLK so it won't appear anyway, but registry keys are added incase Office installs default GVLK grace key for volume products
@ -1526,8 +1516,8 @@ exit /b
:oh_extractdll :oh_extractdll
set b= set _blank=
%psc% "$f=[io.file]::ReadAllText('!_batp!') -split ':%_hook%\:.*';$bytes = [Con%b%vert]::FromBas%b%e64String($f[1]); $PePath='%1'; $offset='%2'; $m=[io.file]::ReadAllText('!_batp!') -split ':hexedit\:.*';iex ($m[1]);" %nul2% | find /i "Error found" %nul1% && set hasherror=1 %psc% "$f=[io.file]::ReadAllText('!_batp!') -split ':%_hook%\:.*';$bytes = [Con%_blank%vert]::FromBas%_blank%e64String($f[1]); $PePath='%1'; $offset='%2'; $m=[io.file]::ReadAllText('!_batp!') -split ':hexedit\:.*';iex ($m[1]);" %nul2% | find /i "Error found" %nul1% && set hasherror=1
exit /b exit /b
:hexedit: :hexedit:
@ -1610,13 +1600,13 @@ $MemoryStream.Close()
:: ::
:: The files are encoded in base64 to make MAS AIO version. :: The files are encoded in base64 to make MAS AIO version.
:: ::
:: mass grave[.]dev/ohook :: mass[]grave[.]dev/ohook
:: Here you can find the files source code and info on how to rebuild the identical sppc.dll files :: Here you can find the files source code and info on how to rebuild the identical sppc.dll files
:: ::
:: stackoverflow.com/a/35335273 :: stackoverflow.com/a/35335273
:: Here you can check how to extract sppc.dll files from base64 :: Here you can check how to extract sppc.dll files from base64
:: ::
:: For any further question, feel free to contact us on mass grave[.]dev/contactus :: For any further question, feel free to contact us on mass[]grave[.]dev/contactus
:: ::
::======================================================================================================================================== ::========================================================================================================================================