1
REM Example HOLD and RELEASE
2
REM Target: Windows
3

4
ATTACKMODE HID STORAGE
5
DELAY 2000
6

7
REM Open Powershell
8
GUI r
9
DELAY 1000
10
STRING powershell
11
ENTER
12

13
REM Hide Powershell Window
14
DELAY 2000
15
ALT SPACE
16
DELAY 100
17
m
18
DELAY 100
19
HOLD DOWNARROW
20
DELAY 3000
21
RELEASE DOWNARROW
22
ENTER
23

24
REM Run desired commands in obfuscated powershell window
25
STRING tree c:\
26
ENTER
27

28
REM This example payload targets Windows systems.
29
REM Using the GUI r key combo to open the Run dialog, a powershell window will be opened.
30
REM The ALT SPACE key combo opens the window menu of the currently active window (in this case, the powershell window), followed by the m key to select the Move command.
31
REM The DOWNARROW is held for 3 seconds, as specified by the DELAY 3000 command, before being released — thus hiding the contents of the powershell window below the screen.
32
REM The benign tree c:\ command is run, producing a graphical directory structure of the disk.
33