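@echo off
:: https://privacy.sexy — v0.13.8 — Sat, 04 Jul 2026 05:02:56 GMT
:: Generated cleanup/privacy script. The sections below delete stored
:: credentials, shadow copies and files, and write HKLM/HKCU registry values.
:: Review each section before running it elevated.

:: Ensure PowerShell is available
:: `where` exits non-zero when PowerShell is not on PATH, which runs the
:: fallback block and stops the script.
where PowerShell >nul 2>&1 || (
    echo PowerShell is not available. Please install or enable PowerShell.
    pause & exit 1
)
:: Ensure admin privileges
:: `fltmc` is the elevation probe: a non-zero exit is treated as "not elevated".
:: In that case the script relaunches itself through `Start -Verb RunAs`
:: (UAC prompt) and the non-elevated instance exits 0.
:: NOTE(review): the script path (%0) is placed inside a PowerShell
:: single-quoted string, so a path containing an apostrophe breaks the
:: relaunch command. Keep the file in a path without one.
fltmc >nul 2>&1 || (
    echo Administrator privileges are required.
    PowerShell Start -Verb RunAs '%0' 2> nul || (
        echo Right-click on the script and select "Run as administrator".
        pause & exit 1
    )
    exit 0
)
:: Initialize environment
:: Delayed expansion is disabled, so `!` in later commands is passed through
:: literally instead of being treated as a variable delimiter.
setlocal EnableExtensions DisableDelayedExpansion

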
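:: ----------------------------------------------------------
:: -----Clear credentials in Windows Credential Manager------
:: ----------------------------------------------------------
echo --- Clear credentials in Windows Credential Manager
:: Lists entries with `cmdkey /list`, extracts each `Target:` name and removes
:: it with `cmdkey /delete`. Every credential that is listed is deleted, so
:: saved logons have to be entered again afterwards.
:: NOTE(review): the parse matches the literal text 'Target', so localized
:: cmdkey output may yield no matches. Confirm on non-English systems.
:: NOTE(review): `-ExecutionPolicy Unrestricted` only governs script files and
:: has no effect on an inline -Command string like this one.
PowerShell -ExecutionPolicy Unrestricted -Command "$cmdkeyPath = Get-Command cmdkey -ErrorAction SilentlyContinue; if (-not $cmdkeyPath) { throw 'Failed to find the `cmdkey` utility on this system.'; }; $cmdkeyListOutput = & $cmdkeyPath /list; if ($LASTEXITCODE -ne 0) { throw "^""Failed to execute `cmdkey /list`. Exit code: $LASTEXITCODE."^""; }; if (-not $cmdkeyListOutput) { throw 'Failed to retrieve credentials list. The output from `cmdkey /list` is empty.'; }; $credentialEntries = @($cmdkeyListOutput | Select-String 'Target'); if (-not $credentialEntries) { Write-Host 'Skipping: No credentials found for deletion.'; exit 0; }; $allCredentialsDeletedSuccessfully = $true; Write-Host "^""Total of $($credentialEntries.Length) credential(s) found. Initiating deletion..."^""; foreach ($credentialEntry in $credentialEntries) { if ($credentialEntry -notmatch 'Target:(.+)') { Write-Error "^""Failed to parse credential from output: $credentialEntry"^""; $allCredentialsDeletedSuccessfully = $false; continue; }; $credentialTargetName = $matches[1].Trim(); Write-Host "^""Deleting credential: `"^""$credentialTargetName`"^""..."^""; & $cmdkeyPath /delete:$credentialTargetName; if ($LASTEXITCODE -ne 0) { Write-Error "^""Failed to delete credential '$credentialTargetName'. `cmdkey` returned exit code: $LASTEXITCODE."^""; $allCredentialsDeletedSuccessfully = $false; } else { Write-Host "^""Successfully deleted credential: `"^""$credentialTargetName`"^""."^""; }; }; if (-not $allCredentialsDeletedSuccessfully) { Write-Warning 'Failed to delete some credentials. Please check the error messages above.'; } else { Write-Host "^""Successfully deleted all $($credentialEntries.Length) credential(s)."^""; }"
:: ----------------------------------------------------------

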
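:: ----------------------------------------------------------
:: ---------Remove the controversial `default0` user---------
:: ----------------------------------------------------------
echo --- Remove the controversial `default0` user
:: Deletes the local account named `defaultuser0`. stderr is discarded, so a
:: missing account (or any other failure) produces no visible error.
net user defaultuser0 /delete 2>nul
:: ----------------------------------------------------------

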
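:: ----------------------------------------------------------
:: ----------------Empty trash (Recycle Bin)-----------------
:: ----------------------------------------------------------
echo --- Empty trash (Recycle Bin)
:: Opens shell namespace 10 (the Recycle Bin folder) through the
:: Shell.Application COM object and removes each item's backing path with
:: `Remove-Item -Recurse -Force`. Items cannot be restored afterwards.
PowerShell -ExecutionPolicy Unrestricted -Command "$bin = (New-Object -ComObject Shell.Application).NameSpace(10); $bin.items() | ForEach { Write-Host "^""Deleting $($_.Name) from Recycle Bin"^""; Remove-Item $_.Path -Recurse -Force; }"
:: ----------------------------------------------------------

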
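:: ----------------------------------------------------------
:: ----------Minimize DISM "Reset Base" update data----------
:: ----------------------------------------------------------
echo --- Minimize DISM "Reset Base" update data
:: Set the registry value: "HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\Configuration!DisableResetbase"
:: Writes DisableResetbase = 0 (REG_DWORD), overwriting any existing value (/f).
:: `$registryPath` is assigned but unused; `reg add` repeats the literal key.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\Configuration'; $data =  '0'; reg add 'HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\Configuration' /v 'DisableResetbase' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

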
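:: ----------------------------------------------------------
:: ---------Remove Windows product key from registry---------
:: ----------------------------------------------------------
echo --- Remove Windows product key from registry
:: Runs the built-in licensing script with /cpky, which clears the product key
:: stored in the registry so it cannot be read back from there.
:: The exit status of cscript is not checked.
cscript.exe //nologo "%SYSTEMROOT%\System32\slmgr.vbs" /cpky
:: ----------------------------------------------------------

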
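:: ----------------------------------------------------------
:: -----------Clear volume backups (shadow copies)-----------
:: ----------------------------------------------------------
echo --- Clear volume backups (shadow copies)
:: Deletes every Volume Shadow Copy on the machine without prompting (/quiet).
:: This is irreversible: restore points and previous-version snapshots that
:: depend on those copies are gone, so confirm independent backups exist first.
:: NOTE(review): this exact command line is widely monitored by EDR/SIEM rules
:: for recovery inhibition. Expect an alert on managed hosts and record the
:: change so responders can tell it apart from malicious activity.
vssadmin delete shadows /all /quiet
:: ----------------------------------------------------------

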
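:: ----------------------------------------------------------
:: -----------Remove associations of default apps------------
:: ----------------------------------------------------------
echo --- Remove associations of default apps
:: Removes the default application associations from the running Windows
:: image (/online). The exit status of dism is not checked.
dism /online /Remove-DefaultAppAssociations
:: ----------------------------------------------------------

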
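:: ----------------------------------------------------------
:: -----Clear System Resource Usage Monitor (SRUM) data------
:: ----------------------------------------------------------
echo --- Clear System Resource Usage Monitor (SRUM) data
:: NOTE(review): SRUDB.dat is a usage-history database that incident
:: responders commonly rely on. Deleting it removes that evidence, so do not
:: run this section on hosts under investigation or with retention duties.
:: Stop service: DPS (with state file) (wait until stopped)
:: If DPS is running it is stopped and an empty marker file with a GUID suffix
:: is created under the APPDATA\privacy.sexy\state directory. The "Start
:: service" step below uses that marker to decide whether to restart DPS.
:: Each PowerShell command below must stay on ONE physical line, because cmd
:: runs every line as a separate command.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'DPS'; Write-Host "^""Stopping service: `"^""$serviceName`"^""."^""; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if (!$service) { Write-Host "^""Skipping, service `"^""$serviceName`"^"" could not be not found, no need to stop it."^""; exit 0; }; if ($service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""Skipping, `"^""$serviceName`"^"" is not running, no need to stop."^""; exit 0; }; Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { $service | Stop-Service -Force -ErrorAction Stop; $service.WaitForStatus([System.ServiceProcess.ServiceControllerStatus]::Stopped); } catch { throw "^""Failed to stop the service `"^""$serviceName`"^"": $_"^""; }; Write-Host "^""Successfully stopped the service: `"^""$serviceName`"^""."^""; function Get-StateFilePath($BaseName, $Suffix) { $escapedBaseName = $BaseName.Split([IO.Path]::GetInvalidFileNameChars()) -Join '_'; $uniqueFilename = $escapedBaseName, $Suffix -Join '-'; $path = [IO.Path]::Combine( $env:APPDATA, 'privacy.sexy', 'state', $uniqueFilename ); return $path; }; function Get-UniqueStateFilePath($BaseName) { $suffix = New-Guid; $path = Get-StateFilePath -BaseName $BaseName -Suffix $suffix; if (Test-Path -Path $path) { Write-Verbose "^""Path collision detected at: '$path'. Generating new path..."^""; return Get-UniqueStateFilePath $serviceName; }; return $path; }; function New-EmptyFile($Path) { $parentDirectory = [System.IO.Path]::GetDirectoryName($Path); if (-not (Test-Path $parentDirectory -PathType Container)) { try { New-Item -ItemType Directory -Path $parentDirectory -Force -ErrorAction Stop | Out-Null; }  catch { Write-Warning "^""Failed to create parent directory of file `"^""$parentDirectory`"^"": $_"^""; }; }; try { New-Item -ItemType File -Path $Path -Force -ErrorAction Stop | Out-Null; return $true; } catch { Write-Warning "^""Failed to create file `"^""$Path`"^"": $_"^""; return $false; }; }; $path = Get-UniqueStateFilePath $serviceName; if (New-EmptyFile $path) { Write-Host 'Service will restart automatically.'; } else { Write-Warning 'Manual restart required - please restart your computer.'; }"
:: Delete files matching pattern: "%SYSTEMROOT%\System32\sru\SRUDB.dat"
:: Before deleting, the command takes ownership with `takeown /a` and grants
:: the Administrators group (SID S-1-5-32-544) full control with `icacls`.
:: NOTE(review): these ownership and ACL changes are not reverted if the
:: delete fails, so the file keeps the widened permissions in that case.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\sru\SRUDB.dat"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; <# Not using `Get-Acl`/`Set-Acl` to avoid adjusting token privileges #>; $parentDirectory = [System.IO.Path]::GetDirectoryName($expandedPath); $fileName = [System.IO.Path]::GetFileName($expandedPath); if ($parentDirectory -like '*[*?]*') { throw "^""Unable to grant permissions to glob path parent directory: `"^""$parentDirectory`"^"", wildcards in parent directory are not supported by ``takeown`` and ``icacls``."^""; }; if (($fileName -ne '*') -and ($fileName -like '*[*?]*')) { throw "^""Unable to grant permissions to glob path file name: `"^""$fileName`"^"", wildcards in file name is not supported by ``takeown`` and ``icacls``."^""; }; Write-Host "^""Taking ownership of `"^""$expandedPath`"^""."^""; $cmdPath = $expandedPath; if ($cmdPath.EndsWith('\')) { $cmdPath += '\' <# Escape trailing backslash for correct handling in batch commands #>; }; $takeOwnershipCommand = "^""takeown /f `"^""$cmdPath`"^"" /a"^"" <# `icacls /setowner` does not succeed, so use `takeown` instead. #>; if (-not (Test-Path -Path "^""$expandedPath"^"" -PathType Leaf)) { $localizedYes = 'Y' <# Default 'Yes' flag (fallback) #>; try { $choiceOutput = cmd /c "^""choice <nul 2>nul"^""; if ($choiceOutput -and $choiceOutput.Length -ge 2) { $localizedYes = $choiceOutput[1]; } else { Write-Warning "^""Failed to determine localized 'Yes' character. Output: `"^""$choiceOutput`"^"""^""; }; } catch { Write-Warning "^""Failed to determine localized 'Yes' character. Error: $_"^""; }; $takeOwnershipCommand += "^"" /r /d $localizedYes"^""; }; $takeOwnershipOutput = cmd /c "^""$takeOwnershipCommand 2>&1"^"" <# `stderr` message is misleading, e.g. "^""ERROR: The system cannot find the file specified."^"" is not an error. #>; if ($LASTEXITCODE -eq 0) { Write-Host "^""Successfully took ownership of `"^""$expandedPath`"^"" (using ``$takeOwnershipCommand``)."^""; } else { Write-Host "^""Did not take ownership of `"^""$expandedPath`"^"" using ``$takeOwnershipCommand``, status code: $LASTEXITCODE, message: $takeOwnershipOutput."^""; <# Do not write as error or warning, because this can be due to missing path, it's handled in next command. #>; <# `takeown` exits with status code `1`, making it hard to handle missing path here. #>; }; Write-Host "^""Granting permissions for `"^""$expandedPath`"^""."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminAccountName = $adminAccount.Value; $grantPermissionsCommand = "^""icacls `"^""$cmdPath`"^"" /grant `"^""$($adminAccountName):F`"^"" /t"^""; $icaclsOutput = cmd /c "^""$grantPermissionsCommand"^""; if ($LASTEXITCODE -eq 3) { Write-Host "^""Skipping, no items available for deletion according to: ``$grantPermissionsCommand``."^""; exit 0; } elseif ($LASTEXITCODE -ne 0) { Write-Host "^""Take ownership message:`n$takeOwnershipOutput"^""; Write-Host "^""Grant permissions:`n$icaclsOutput"^""; Write-Warning "^""Failed to assign permissions for `"^""$expandedPath`"^"" using ``$grantPermissionsCommand``, status code: $LASTEXITCODE."^""; } else { $fileStats = $icaclsOutput | ForEach-Object { $_ -match '\d+' | Out-Null; $matches[0] } | Where-Object { $_ -ne $null } | ForEach-Object { [int]$_ }; if ($fileStats.Count -gt 0 -and ($fileStats | ForEach-Object { $_ -eq 0 } | Where-Object { $_ -eq $false }).Count -eq 0) { Write-Host "^""Skipping, no items available for deletion according to: ``$grantPermissionsCommand``."^""; exit 0; } else { Write-Host "^""Successfully granted permissions for `"^""$expandedPath`"^"" (using ``$grantPermissionsCommand``)."^""; }; }; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Start service: DPS (if state requires)
:: Removes one marker file, then starts DPS only when that was the sole
:: marker present. With zero or several markers the start is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'DPS'; function Get-StateFilePath($BaseName, $Suffix) { $escapedBaseName = $BaseName.Split([IO.Path]::GetInvalidFileNameChars()) -Join '_'; $uniqueFilename = $escapedBaseName, $Suffix -Join '-'; $path = [IO.Path]::Combine( $env:APPDATA, 'privacy.sexy', 'state', $uniqueFilename ); return $path; }; $fileGlob = Get-StateFilePath -BaseName $serviceName -Suffix '*'; $files = Get-ChildItem -Path "^""$fileGlob"^""; if ($files.Count -gt 0) { $firstFilePath = $files[0].FullName; try { Remove-Item -Path $firstFilePath -Force -ErrorAction Stop; Write-Host 'The service is expected to be started.'; } catch { Write-Warning "^""Failed to delete the service state file `"^""$firstFilePath`"^"": $_"^""; }; }; if ($files.Count -ne 1) { <# Not the last file requiring restart #>; Write-Host 'Skipping starting the service: It was not running before.'; exit 0; }; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if (!$service) { throw "^""Failed to start service `"^""$serviceName`"^"": Service not found."^""; }; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""Skipping, `"^""$serviceName`"^"" is already running, no need to start."^""; exit 0; }; Write-Host "^""`"^""$serviceName`"^"" is not running, starting it."^""; try { $service | Start-Service -ErrorAction Stop; Write-Host "^""Successfully started the service: `"^""$serviceName`"^""."^""; } catch { Write-Warning "^""Failed to start the service: `"^""$serviceName`"^""."^""; exit 1; }"
:: ----------------------------------------------------------

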
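:: ----------------------------------------------------------
:: -----------Clear previous Windows installations-----------
:: ----------------------------------------------------------
echo --- Clear previous Windows installations
:: Delete directory (with additional permissions) : "%SYSTEMDRIVE%\Windows.old"
:: Takes ownership of the directory recursively (`takeown /a /r /d`), grants
:: the Administrators group (SID S-1-5-32-544) full control with `icacls /t`,
:: then enumerates the tree and deletes the longest paths first.
:: NOTE(review): deletion is permanent. Anything still needed from the
:: previous installation must be copied out before this section runs.
:: The PowerShell command must stay on ONE physical line, because cmd runs
:: every line as a separate command.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%SYSTEMDRIVE%\Windows.old'; if (-Not $directoryGlob.EndsWith('\')) { $directoryGlob += '\' }; $directoryGlob )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; <# Not using `Get-Acl`/`Set-Acl` to avoid adjusting token privileges #>; $parentDirectory = [System.IO.Path]::GetDirectoryName($expandedPath); $fileName = [System.IO.Path]::GetFileName($expandedPath); if ($parentDirectory -like '*[*?]*') { throw "^""Unable to grant permissions to glob path parent directory: `"^""$parentDirectory`"^"", wildcards in parent directory are not supported by ``takeown`` and ``icacls``."^""; }; if (($fileName -ne '*') -and ($fileName -like '*[*?]*')) { throw "^""Unable to grant permissions to glob path file name: `"^""$fileName`"^"", wildcards in file name is not supported by ``takeown`` and ``icacls``."^""; }; Write-Host "^""Taking ownership of `"^""$expandedPath`"^""."^""; $cmdPath = $expandedPath; if ($cmdPath.EndsWith('\')) { $cmdPath += '\' <# Escape trailing backslash for correct handling in batch commands #>; }; $takeOwnershipCommand = "^""takeown /f `"^""$cmdPath`"^"" /a"^"" <# `icacls /setowner` does not succeed, so use `takeown` instead. #>; if (-not (Test-Path -Path "^""$expandedPath"^"" -PathType Leaf)) { $localizedYes = 'Y' <# Default 'Yes' flag (fallback) #>; try { $choiceOutput = cmd /c "^""choice <nul 2>nul"^""; if ($choiceOutput -and $choiceOutput.Length -ge 2) { $localizedYes = $choiceOutput[1]; } else { Write-Warning "^""Failed to determine localized 'Yes' character. Output: `"^""$choiceOutput`"^"""^""; }; } catch { Write-Warning "^""Failed to determine localized 'Yes' character. Error: $_"^""; }; $takeOwnershipCommand += "^"" /r /d $localizedYes"^""; }; $takeOwnershipOutput = cmd /c "^""$takeOwnershipCommand 2>&1"^"" <# `stderr` message is misleading, e.g. "^""ERROR: The system cannot find the file specified."^"" is not an error. #>; if ($LASTEXITCODE -eq 0) { Write-Host "^""Successfully took ownership of `"^""$expandedPath`"^"" (using ``$takeOwnershipCommand``)."^""; } else { Write-Host "^""Did not take ownership of `"^""$expandedPath`"^"" using ``$takeOwnershipCommand``, status code: $LASTEXITCODE, message: $takeOwnershipOutput."^""; <# Do not write as error or warning, because this can be due to missing path, it's handled in next command. #>; <# `takeown` exits with status code `1`, making it hard to handle missing path here. #>; }; Write-Host "^""Granting permissions for `"^""$expandedPath`"^""."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminAccountName = $adminAccount.Value; $grantPermissionsCommand = "^""icacls `"^""$cmdPath`"^"" /grant `"^""$($adminAccountName):F`"^"" /t"^""; $icaclsOutput = cmd /c "^""$grantPermissionsCommand"^""; if ($LASTEXITCODE -eq 3) { Write-Host "^""Skipping, no items available for deletion according to: ``$grantPermissionsCommand``."^""; exit 0; } elseif ($LASTEXITCODE -ne 0) { Write-Host "^""Take ownership message:`n$takeOwnershipOutput"^""; Write-Host "^""Grant permissions:`n$icaclsOutput"^""; Write-Warning "^""Failed to assign permissions for `"^""$expandedPath`"^"" using ``$grantPermissionsCommand``, status code: $LASTEXITCODE."^""; } else { $fileStats = $icaclsOutput | ForEach-Object { $_ -match '\d+' | Out-Null; $matches[0] } | Where-Object { $_ -ne $null } | ForEach-Object { [int]$_ }; if ($fileStats.Count -gt 0 -and ($fileStats | ForEach-Object { $_ -eq 0 } | Where-Object { $_ -eq $false }).Count -eq 0) { Write-Host "^""Skipping, no items available for deletion according to: ``$grantPermissionsCommand``."^""; exit 0; } else { Write-Host "^""Successfully granted permissions for `"^""$expandedPath`"^"" (using ``$grantPermissionsCommand``)."^""; }; }; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------

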
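:: ----------------------------------------------------------
:: ----------------------Disable Recall----------------------
:: ----------------------------------------------------------
echo --- Disable Recall
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot!DisableAIDataAnalysis"
:: Writes DisableAIDataAnalysis = 1 (REG_DWORD) under the machine-wide policy
:: key, overwriting any existing value (/f). The result of `reg add` is not
:: checked, so verify the value afterwards if the setting matters.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot' /v 'DisableAIDataAnalysis' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

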
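:: ----------------------------------------------------------
:: ----------Disable cloud-based speech recognition----------
:: ----------------------------------------------------------
echo --- Disable cloud-based speech recognition
:: Set the registry value: "HKCU\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy!HasAccepted"
:: Writes HasAccepted = 0 (REG_DWORD) in the current-user hive.
:: NOTE(review): the script runs elevated, so HKCU is the hive of the account
:: that approved elevation. If that differs from the interactive user, this
:: setting does not reach the intended profile.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy'; $data =  '0'; reg add 'HKCU\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy' /v 'HasAccepted' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

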
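:: ----------------------------------------------------------
:: ------------Opt out of Windows privacy consent------------
:: ----------------------------------------------------------
echo --- Opt out of Windows privacy consent
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Personalization\Settings!AcceptedPrivacyPolicy"
:: Writes AcceptedPrivacyPolicy = 0 (REG_DWORD) in the current-user hive.
:: NOTE(review): under elevation HKCU belongs to the account that approved
:: the UAC prompt, which may not be the interactive user.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Personalization\Settings'; $data =  '0'; reg add 'HKCU\SOFTWARE\Microsoft\Personalization\Settings' /v 'AcceptedPrivacyPolicy' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

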
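:: ----------------------------------------------------------
:: -----------Disable Windows feedback collection------------
:: ----------------------------------------------------------
echo --- Disable Windows feedback collection
:: Four steps: set NumberOfSIUFInPeriod = 0 and remove PeriodInNanoSeconds in
:: the current-user Siuf\Rules key, then set DoNotShowFeedbackNotifications = 1
:: in two machine-wide DataCollection keys.
:: NOTE(review): under elevation the HKCU steps apply to the account that
:: approved the UAC prompt, which may not be the interactive user.
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Siuf\Rules!NumberOfSIUFInPeriod"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Siuf\Rules'; $data =  '0'; reg add 'HKCU\SOFTWARE\Microsoft\Siuf\Rules' /v 'NumberOfSIUFInPeriod' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Delete the registry value "PeriodInNanoSeconds" from the key "HKCU\SOFTWARE\Microsoft\Siuf\Rules"
:: Skips with exit 0 when the key or the value does not exist.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyName = 'HKCU\SOFTWARE\Microsoft\Siuf\Rules'; $valueName = 'PeriodInNanoSeconds'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection!DoNotShowFeedbackNotifications"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection' /v 'DoNotShowFeedbackNotifications' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection!DoNotShowFeedbackNotifications"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection' /v 'DoNotShowFeedbackNotifications' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

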
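:: ----------------------------------------------------------
:: -------Disable text and handwriting data collection-------
:: ----------------------------------------------------------
echo --- Disable text and handwriting data collection
:: Writes five machine-wide policy values under HKLM\SOFTWARE\Policies and one
:: current-user value (HarvestContacts). Each `reg add` overwrites the
:: existing value (/f) and its result is not checked.
:: NOTE(review): under elevation the HKCU value applies to the account that
:: approved the UAC prompt, which may not be the interactive user.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitInkCollection"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization' /v 'RestrictImplicitInkCollection' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitTextCollection"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization' /v 'RestrictImplicitTextCollection' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports!PreventHandwritingErrorReports"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports' /v 'PreventHandwritingErrorReports' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\TabletPC!PreventHandwritingDataSharing"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\TabletPC'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\TabletPC' /v 'PreventHandwritingDataSharing' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization!AllowInputPersonalization"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization' /v 'AllowInputPersonalization' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore!HarvestContacts"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore'; $data =  '0'; reg add 'HKCU\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore' /v 'HarvestContacts' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

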
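:: ----------------------------------------------------------
:: ------------------Disable device sensors------------------
:: ----------------------------------------------------------
echo --- Disable device sensors
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors!DisableSensors"
:: Writes DisableSensors = 1 (REG_DWORD) under the machine-wide policy key,
:: overwriting any existing value (/f). The result of `reg add` is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors' /v 'DisableSensors' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

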
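:: ----------------------------------------------------------
:: -------------------Disable Wi-Fi Sense--------------------
:: ----------------------------------------------------------
echo --- Disable Wi-Fi Sense
:: Writes 0 (REG_DWORD) to three machine-wide values: two under
:: PolicyManager\default\WiFi and AutoConnectAllowedOEM under the WcmSvc
:: config key. Each `reg add` overwrites (/f) and its result is not checked.
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting!value"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting'; $data =  '0'; reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting' /v 'value' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots!Enabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots'; $data =  '0'; reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config!AutoConnectAllowedOEM"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config'; $data =  '0'; reg add 'HKLM\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config' /v 'AutoConnectAllowedOEM' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

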
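:: ----------------------------------------------------------
:: ----Disable app launch tracking (hides most-used apps)----
:: ----------------------------------------------------------
echo --- Disable app launch tracking (hides most-used apps)
:: Set the registry value: "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced!Start_TrackProgs"
:: Writes Start_TrackProgs = 0 (REG_DWORD) in the current-user hive.
:: NOTE(review): under elevation HKCU belongs to the account that approved
:: the UAC prompt, which may not be the interactive user.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'; $data =  '0'; reg add 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' /v 'Start_TrackProgs' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
:: Only prints the note: `$warn` is $false, so the message goes through
:: Write-Host/Write-Output and explorer.exe itself is not restarted.
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------

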
:: ----------------------------------------------------------
:: ---------Disable Website Access of Language List----------
:: ----------------------------------------------------------
echo --- Disable Website Access of Language List
:: Write HttpAcceptLanguageOptOut = 1 (REG_DWORD) in the per-user
:: "International\User Profile" key.
:: NOTE(review): the script runs elevated; HKCU is the hive of the account
:: that approved elevation, which may not be the interactive user.
reg add "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t REG_DWORD /d 1 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: -------------Disable automatic map downloads--------------
:: ----------------------------------------------------------
echo --- Disable automatic map downloads
:: Both values live in the machine-wide Maps policy key and are set to 0:
::   AllowUntriggeredNetworkTrafficOnSettingsPage
::   AutoDownloadAndUpdateMapData
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Maps" /v "AllowUntriggeredNetworkTrafficOnSettingsPage" /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Maps" /v "AutoDownloadAndUpdateMapData" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: --------------Disable game screen recording---------------
:: ----------------------------------------------------------
echo --- Disable game screen recording
:: Per-user switch: GameDVR_Enabled = 0 in HKCU\System\GameConfigStore.
:: NOTE(review): under elevation HKCU belongs to the elevating account.
reg add "HKCU\System\GameConfigStore" /v "GameDVR_Enabled" /t REG_DWORD /d 0 /f
:: Machine-wide policy: AllowGameDVR = 0.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowGameDVR" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: ---------Disable internet access for Windows DRM----------
:: ----------------------------------------------------------
echo --- Disable internet access for Windows DRM
:: Machine-wide policy: DisableOnline = 1 in the WMDRM policy key.
reg add "HKLM\SOFTWARE\Policies\Microsoft\WMDRM" /v "DisableOnline" /t REG_DWORD /d 1 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: -------Disable typing feedback (sends typing data)--------
:: ----------------------------------------------------------
echo --- Disable typing feedback (sends typing data)
:: Input\TIPC!Enabled is set to 0 in both the machine hive and the user hive.
:: NOTE(review): the HKCU write lands in the hive of the account that approved
:: elevation; other user profiles on the machine keep their own value.
reg add "HKLM\SOFTWARE\Microsoft\Input\TIPC" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKCU\SOFTWARE\Microsoft\Input\TIPC" /v "Enabled" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: --------------Disable Activity Feed feature---------------
:: ----------------------------------------------------------
echo --- Disable Activity Feed feature
:: Machine-wide policy: EnableActivityFeed = 0 in the Windows\System policy key.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableActivityFeed" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: --------------Disable NET Core CLI telemetry--------------
:: ----------------------------------------------------------
echo --- Disable NET Core CLI telemetry
:: Persist DOTNET_CLI_TELEMETRY_OPTOUT=1. Without /M, setx stores a per-user
:: variable, and only processes started afterwards see it.
:: NOTE(review): under elevation "per-user" means the elevating account.
setx "DOTNET_CLI_TELEMETRY_OPTOUT" "1"
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: ---------------Disable PowerShell telemetry---------------
:: ----------------------------------------------------------
echo --- Disable PowerShell telemetry
:: Persist POWERSHELL_TELEMETRY_OPTOUT=1. Without /M, setx stores a per-user
:: variable, and only processes started afterwards see it.
:: NOTE(review): under elevation "per-user" means the elevating account.
setx "POWERSHELL_TELEMETRY_OPTOUT" "1"
:: ----------------------------------------------------------


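:: ----------------------------------------------------------
:: -----------Disable "Razer Game Scanner Service"-----------
:: ----------------------------------------------------------
echo --- Disable "Razer Game Scanner Service"
:: Disable service(s): `Razer Game Scanner Service`
:: The one-liner below works in four steps (marked with <# ... #> inside it):
::   1. Look the service up with Get-Service; exit 0 if it does not exist.
::   2. If it is running, stop it with Stop-Service -Force. A failure here is
::      only a warning, and the script carries on to disable the service.
::   3. Read the start type from the service object, falling back to two WMI
::      queries when StartType is empty; exit 0 if it is already Disabled.
::   4. Set the startup type to Disabled; a failure is reported with Write-Error.
:: Embedded double quotes are written as "^"" so that cmd.exe passes them on
:: to PowerShell.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'Razer Game Scanner Service'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------

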
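:: ----------------------------------------------------------
:: --------Disable "Logitech Gaming Registry Service"--------
:: ----------------------------------------------------------
echo --- Disable "Logitech Gaming Registry Service"
:: Disable service(s): `LogiRegistryService`
:: The one-liner below works in four steps (marked with <# ... #> inside it):
::   1. Look the service up with Get-Service; exit 0 if it does not exist.
::   2. If it is running, stop it with Stop-Service -Force. A failure here is
::      only a warning, and the script carries on to disable the service.
::   3. Read the start type from the service object, falling back to two WMI
::      queries when StartType is empty; exit 0 if it is already Disabled.
::   4. Set the startup type to Disabled; a failure is reported with Write-Error.
:: Embedded double quotes are written as "^"" so that cmd.exe passes them on
:: to PowerShell.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'LogiRegistryService'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------

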
:: ----------------------------------------------------------
:: -------------Disable CCleaner data collection-------------
:: ----------------------------------------------------------
echo --- Disable CCleaner data collection
:: Thirteen REG_DWORD values under HKCU\Software\Piriform\CCleaner are set to 0.
:: NOTE(review): the script runs elevated, so HKCU is the hive of the account
:: that approved elevation; confirm that this is the intended user.
:: NOTE(review): judging by their names, UpdateAuto, UpdateCheck and
:: UpdateBackground also switch off the application's own update checks. If
:: so, plan to update CCleaner manually.
:: -- Monitoring and usage reporting
reg add "HKCU\Software\Piriform\CCleaner" /v "Monitoring" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Piriform\CCleaner" /v "HelpImproveCCleaner" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Piriform\CCleaner" /v "SystemMonitoring" /t REG_DWORD /d 0 /f
:: -- Update checks
reg add "HKCU\Software\Piriform\CCleaner" /v "UpdateAuto" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Piriform\CCleaner" /v "UpdateCheck" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Piriform\CCleaner" /v "UpdateBackground" /t REG_DWORD /d 0 /f
:: -- Trial offer and the "(Cfg)" values
reg add "HKCU\Software\Piriform\CCleaner" /v "CheckTrialOffer" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Piriform\CCleaner" /v "(Cfg)HealthCheck" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Piriform\CCleaner" /v "(Cfg)QuickClean" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Piriform\CCleaner" /v "(Cfg)QuickCleanIpm" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Piriform\CCleaner" /v "(Cfg)GetIpmForTrial" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Piriform\CCleaner" /v "(Cfg)SoftwareUpdater" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Piriform\CCleaner" /v "(Cfg)SoftwareUpdaterIpm" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: ----------Enable Data Execution Prevention (DEP)----------
:: ----------------------------------------------------------
echo --- Enable Data Execution Prevention (DEP)
:: Both values are "turn DEP off" switches, so writing 0 keeps DEP on for the
:: component each one governs (by name: Explorer and HTML Help).
:: NOTE(review): only these two policy values are written here. The
:: system-wide DEP mode is a boot option and is left as it is; verify it
:: separately.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v "NoDataExecutionPrevention" /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "DisableHHDEP" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: ---------------Disable AutoPlay and AutoRun---------------
:: ----------------------------------------------------------
echo --- Disable AutoPlay and AutoRun
:: NoDriveTypeAutoRun is a bitmask of drive types; 255 (0xFF) sets every bit.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveTypeAutoRun" /t REG_DWORD /d 255 /f
:: NoAutorun = 1 in the same machine-wide Explorer policies key.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoAutorun" /t REG_DWORD /d 1 /f
:: NoAutoplayfornonVolume = 1 in the Windows\Explorer policy key.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v "NoAutoplayfornonVolume" /t REG_DWORD /d 1 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: ------------Disable lock screen camera access-------------
:: ----------------------------------------------------------
echo --- Disable lock screen camera access
:: Machine-wide policy: NoLockScreenCamera = 1 in the Personalization policy key.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "NoLockScreenCamera" /t REG_DWORD /d 1 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: ----Disable storage of the LAN Manager password hashes----
:: ----------------------------------------------------------
echo --- Disable storage of the LAN Manager password hashes
:: NoLMHash = 1 under the Lsa control key.
:: NOTE(review): the setting applies when a password is next changed. An LM
:: hash that is already stored stays until that account's password is
:: changed, so follow up with password changes where LM hashes may exist.
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "NoLMHash" /t REG_DWORD /d 1 /f
:: ----------------------------------------------------------


:: Disable "Always install with elevated privileges" in Windows Installer
echo --- Disable "Always install with elevated privileges" in Windows Installer
:: AlwaysInstallElevated = 0 in the machine-wide Installer policy key.
:: Windows Installer honours the policy only when it is 1 in both the machine
:: key and the per-user key, so a machine value of 0 turns it off.
:: NOTE(review): the per-user value (HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer)
:: is not touched here; audit it as well.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer" /v "AlwaysInstallElevated" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: Enable Structured Exception Handling Overwrite Protection (SEHOP)
echo --- Enable Structured Exception Handling Overwrite Protection (SEHOP)
:: DisableExceptionChainValidation is a "disable" switch, so 0 leaves
:: exception chain validation (SEHOP) on.
:: NOTE(review): changes under "Session Manager\kernel" are normally picked up
:: at boot; plan a restart before relying on the setting.
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "DisableExceptionChainValidation" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: -Enable security against PowerShell 2.0 downgrade attacks-
:: ----------------------------------------------------------
echo --- Enable security against PowerShell 2.0 downgrade attacks
:: The PowerShell 2.0 engine predates script block logging and AMSI, so
:: leaving it installed lets a caller start an engine that has neither.
:: Each one-liner below:
::   - queries the optional feature (a query failure is terminating because
::     of -ErrorAction Stop),
::   - exits 0 if the feature is not found or is already Disabled,
::   - otherwise disables it with -NoRestart (a reboot may still be needed
::     to finish the removal) and exits 1 if that fails.
:: Disable the "MicrosoftWindowsPowerShellV2" feature
PowerShell -ExecutionPolicy Unrestricted -Command "$featureName = 'MicrosoftWindowsPowerShellV2'; $optionalFeature = Get-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -ErrorAction Stop; if (-Not $optionalFeature) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is not found. No action required."^""; Exit 0; }; if ($optionalFeature.State -eq [Microsoft.Dism.Commands.FeatureState]::Disabled) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is already disabled. No action required."^""; Exit 0; }; try { Write-Host "^""Disabling feature: `"^""$featureName`"^""."^""; Disable-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -NoRestart -LogLevel ([Microsoft.Dism.Commands.LogLevel]::Errors) -WarningAction SilentlyContinue -ErrorAction Stop | Out-Null; } catch { Write-Error "^""Failed to disable the feature `"^""$featureName`"^"": $($_.Exception.Message)"^""; Exit 1; }; Write-Output "^""Successfully disabled the feature `"^""$featureName`"^""."^""; Exit 0"
:: Disable the "MicrosoftWindowsPowerShellV2Root" feature
PowerShell -ExecutionPolicy Unrestricted -Command "$featureName = 'MicrosoftWindowsPowerShellV2Root'; $optionalFeature = Get-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -ErrorAction Stop; if (-Not $optionalFeature) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is not found. No action required."^""; Exit 0; }; if ($optionalFeature.State -eq [Microsoft.Dism.Commands.FeatureState]::Disabled) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is already disabled. No action required."^""; Exit 0; }; try { Write-Host "^""Disabling feature: `"^""$featureName`"^""."^""; Disable-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -NoRestart -LogLevel ([Microsoft.Dism.Commands.LogLevel]::Errors) -WarningAction SilentlyContinue -ErrorAction Stop | Out-Null; } catch { Write-Error "^""Failed to disable the feature `"^""$featureName`"^"": $($_.Exception.Message)"^""; Exit 1; }; Write-Output "^""Successfully disabled the feature `"^""$featureName`"^""."^""; Exit 0"
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: -----------Disable "Windows Connect Now" wizard-----------
:: ----------------------------------------------------------
echo --- Disable "Windows Connect Now" wizard
:: Wizard UI: DisableWcnUi = 1 in the WCN\UI policy key.
reg add "HKLM\Software\Policies\Microsoft\Windows\WCN\UI" /v "DisableWcnUi" /t REG_DWORD /d 1 /f
:: Registrars: every value in the WCN\Registrars policy key is written as 0,
:: including EnableRegistrars.
:: NOTE(review): the four Disable*Registrar values are 0 alongside
:: EnableRegistrars = 0. This appears to match the "Disabled" state of the
:: registrar policy; confirm against the policy template before changing it.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableFlashConfigRegistrar" /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableInBand802DOT11Registrar" /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableUPnPRegistrar" /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableWPDRegistrar" /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "EnableRegistrars" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


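:: ----------------------------------------------------------
:: -------------Block Windows crash report hosts-------------
:: ----------------------------------------------------------
echo --- Block Windows crash report hosts
:: Each one-liner below adds two lines for one domain to
:: %SYSTEMROOT%\System32\drivers\etc\hosts, in the form
::   <address><TAB><domain> # managed by privacy.sexy
:: with 0.0.0.0 as the IPv4 address and ::1 (loopback) as the IPv6 address.
:: Steps:
::   - create the hosts file if it is missing (exit 1 on failure),
::   - for each address: re-read the file and skip if the exact entry line is
::     already present; otherwise append it. Read or write failures are
::     reported and the loop moves on to the next address.
::   - If the existing file does not end with a line feed, the entry is
::     prefixed with a newline. Add-Content appends straight after the last
::     byte, so without the prefix the entry would be glued onto the previous
::     line. That would make the block ineffective or corrupt the last mapping.
:: NOTE(review): endpoint protection may flag or revert hosts entries for
:: Microsoft telemetry hosts (Microsoft Defender has reported this as
:: SettingsModifier:Win32/HostsFileHijack); verify the entries after running.
:: Add hosts entries for oca.telemetry.microsoft.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='oca.telemetry.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $entryToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And ($hostsFileContents[-1] -ne [char]10)) { $entryToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $entryToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for oca.microsoft.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='oca.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $entryToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And ($hostsFileContents[-1] -ne [char]10)) { $entryToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $entryToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for kmwatsonc.events.data.microsoft.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='kmwatsonc.events.data.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $entryToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And ($hostsFileContents[-1] -ne [char]10)) { $entryToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $entryToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: ----------------------------------------------------------

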
:: ----------------------------------------------------------
:: -----------Block Windows error reporting hosts------------
:: ----------------------------------------------------------
echo --- Block Windows error reporting hosts
:: Add hosts entries for watson.telemetry.microsoft.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='watson.telemetry.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for umwatsonc.events.data.microsoft.com
:: Appends two lines for umwatsonc.events.data.microsoft.com to the hosts file under
:: System32\drivers\etc: one mapping the name to 0.0.0.0 and one mapping it to ::1,
:: each ending in "# managed by privacy.sexy". The file is created first if missing.
:: NOTE(review): the "already exists" test is String.Contains over the whole file,
:: so it only recognises the exact text built here (address, tab, name, tag). An
:: existing entry for this name written with other spacing or without the tag is
:: not detected, and a second line for the same name is added next to it.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='umwatsonc.events.data.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for ceuswatcab01.blob.core.windows.net
:: Appends a 0.0.0.0 line and a ::1 line for ceuswatcab01.blob.core.windows.net to
:: the hosts file, each tagged "# managed by privacy.sexy", skipping a line whose
:: exact text is already in the file.
:: NOTE(review): names under blob.core.windows.net are Azure Blob Storage endpoints.
:: That this account belongs to error reporting is the script's classification
:: (presumably from the name); nothing on this line verifies it, so confirm against
:: current vendor documentation before relying on the entry.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='ceuswatcab01.blob.core.windows.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for ceuswatcab02.blob.core.windows.net
:: Appends a 0.0.0.0 line and a ::1 line for ceuswatcab02.blob.core.windows.net to
:: the hosts file, each tagged "# managed by privacy.sexy", skipping a line whose
:: exact text is already in the file.
:: NOTE(review): Add-Content writes at the end of the file. If the last existing
:: line has no trailing line break, the new entry would be joined onto it and both
:: mappings become unreliable. Confirm the file ends with a line break before and
:: after running this.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='ceuswatcab02.blob.core.windows.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for eaus2watcab01.blob.core.windows.net
:: Appends a 0.0.0.0 line and a ::1 line for eaus2watcab01.blob.core.windows.net to
:: the hosts file, each tagged "# managed by privacy.sexy", skipping a line whose
:: exact text is already in the file.
:: NOTE(review): the batch script does not inspect the result of this call. The
:: PowerShell code exits with 1 when the file cannot be checked or created, and it
:: only reports read or append errors before continuing, so a failed block is
:: visible in the console output alone. Read that output rather than assuming success.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='eaus2watcab01.blob.core.windows.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for eaus2watcab02.blob.core.windows.net
:: Appends a 0.0.0.0 line and a ::1 line for eaus2watcab02.blob.core.windows.net to
:: the hosts file, each tagged "# managed by privacy.sexy", skipping a line whose
:: exact text is already in the file.
:: NOTE(review): the code is passed inline through -Command and loads no script
:: file, so -ExecutionPolicy Unrestricted is likely unnecessary here. Confirm, and
:: prefer the narrowest policy that still lets the command run.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='eaus2watcab02.blob.core.windows.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for weus2watcab01.blob.core.windows.net
:: Appends a 0.0.0.0 line and a ::1 line for weus2watcab01.blob.core.windows.net to
:: the hosts file, each tagged "# managed by privacy.sexy", skipping a line whose
:: exact text is already in the file.
:: NOTE(review): a hosts entry only affects lookups that consult the hosts file. It
:: does not stop connections made by IP address or through a resolver that bypasses
:: the file. Verify the block with DNS-client or firewall logs, not by the entry.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='weus2watcab01.blob.core.windows.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for weus2watcab02.blob.core.windows.net
:: Appends a 0.0.0.0 line and a ::1 line for weus2watcab02.blob.core.windows.net to
:: the hosts file, skipping a line whose exact text is already in the file.
:: Each line ends in "# managed by privacy.sexy". That tag is the only marker that
:: separates these entries from lines added by an administrator or other software,
:: so keep it intact if the file is edited by hand. It is what a later audit or
:: clean-up can search for.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='weus2watcab02.blob.core.windows.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for co4.telecommand.telemetry.microsoft.com
:: Appends a 0.0.0.0 line and a ::1 line for co4.telecommand.telemetry.microsoft.com
:: to the hosts file, each tagged "# managed by privacy.sexy", skipping a line whose
:: exact text is already in the file.
:: NOTE(review): the write relies on the elevation requested at the top of the
:: script. If the process cannot write the file, Add-Content fails inside the loop,
:: the error is printed with Write-Error, and the script moves on to the next host.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='co4.telecommand.telemetry.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for cs11.wpc.v0cdn.net
:: Appends a 0.0.0.0 line and a ::1 line for cs11.wpc.v0cdn.net to the hosts file,
:: each tagged "# managed by privacy.sexy", skipping a line whose exact text is
:: already in the file.
:: NOTE(review): this name is outside the vendor's own domains and looks like a
:: content-delivery host. The script does not show why it counts as error
:: reporting, and such names can be shared or reassigned. Confirm what it serves
:: today before keeping the entry.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='cs11.wpc.v0cdn.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for cs1137.wpc.gammacdn.net
:: Appends a 0.0.0.0 line and a ::1 line for cs1137.wpc.gammacdn.net to the hosts
:: file, each tagged "# managed by privacy.sexy", skipping a line whose exact text
:: is already in the file.
:: NOTE(review): presumably a content-delivery host name. If other content is
:: served from the same name, blocking it also breaks that content, and the script
:: gives no source for the mapping. Treat the entry as unverified until checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='cs1137.wpc.gammacdn.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for modern.watson.data.microsoft.com
:: Appends a 0.0.0.0 line and a ::1 line for modern.watson.data.microsoft.com to the
:: hosts file, each tagged "# managed by privacy.sexy", skipping a line whose exact
:: text is already in the file.
:: NOTE(review): the hosts file is shared by every user and process on the machine,
:: and this command only ever adds lines. Keep a copy of the file from before the
:: run so the change can be compared and undone.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='modern.watson.data.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Block telemetry and user experience hosts---------
:: ----------------------------------------------------------
:: Section banner. The PowerShell calls that follow each add hosts-file entries for
:: one host name that this script groups under telemetry and user experience data.
:: NOTE(review): on managed machines, expect endpoint protection to notice this.
:: Microsoft Defender has been reported to flag hosts files that redirect Microsoft
:: telemetry names (SettingsModifier:Win32/HostsFileHijack). Record the change so
:: the alert can be triaged as intended and not as tampering.
echo --- Block telemetry and user experience hosts
:: Add hosts entries for functional.events.data.microsoft.com
:: Inline PowerShell flattened to a single line for cmd. Steps, in order:
::   1. Build the hosts path from $env:SYSTEMROOT and test it with Test-Path;
::      if the test itself throws, the PowerShell process exits with code 1.
::   2. If the file is missing, create it with New-Item -Force (exit 1 on failure).
::   3. For the IPv4 address 0.0.0.0 and the IPv6 address ::1, re-read the file and
::      append "ADDRESS, tab, functional.events.data.microsoft.com # managed by
::      privacy.sexy" unless that exact text is already present.
::      Read and write errors are reported with Write-Error and the loop continues.
:: NOTE(review): redirecting a Microsoft telemetry name in the hosts file is a
:: change that Microsoft Defender has been reported to detect
:: (SettingsModifier:Win32/HostsFileHijack). If the entry is later reverted by
:: remediation, this command adds it again on the next run.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='functional.events.data.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for browser.events.data.msn.com
:: Appends a 0.0.0.0 line and a ::1 line for browser.events.data.msn.com to the
:: hosts file, each tagged "# managed by privacy.sexy", skipping a line whose exact
:: text is already in the file.
:: NOTE(review): ::1 is the IPv6 loopback address, so over IPv6 this name points at
:: the local machine instead of nowhere. Any local service bound to the port the
:: client uses would receive requests meant for this host. Check what listens
:: locally on the web ports.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='browser.events.data.msn.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for self.events.data.microsoft.com
:: Appends a 0.0.0.0 line and a ::1 line for self.events.data.microsoft.com to the
:: hosts file, each tagged "# managed by privacy.sexy".
:: NOTE(review): the skip test matches the full generated text only (address, tab,
:: name, space, #, space, tag). A pre-existing line for this name that maps it to a
:: different address is left in place and a new line is added as well. Which of
:: two conflicting lines wins is not decided by this script, so review the file for
:: duplicates of the name afterwards.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='self.events.data.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for v10.events.data.microsoft.com
:: Appends a 0.0.0.0 line and a ::1 line for v10.events.data.microsoft.com to the
:: hosts file, each tagged "# managed by privacy.sexy", skipping a line whose exact
:: text is already in the file.
:: The skip test is a substring search, but the searched text starts with the
:: address and a tab and ends with the tag, so the similar names handled by the
:: neighbouring commands (v10c, us-v10c, eu-v10c) cannot make this name look as if
:: it were already present.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='v10.events.data.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for v10c.events.data.microsoft.com
:: Appends a 0.0.0.0 line and a ::1 line for v10c.events.data.microsoft.com to the
:: hosts file, each tagged "# managed by privacy.sexy", skipping a line whose exact
:: text is already in the file.
:: NOTE(review): the batch script runs the next command whatever happens here. The
:: code exits with 1 only when the file cannot be checked or created. A failed read
:: or append is printed with Write-Error and skipped, so a partly applied block list
:: is possible. Compare the file against the intended list after the run.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='v10c.events.data.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for us-v10c.events.data.microsoft.com
:: Appends a 0.0.0.0 line and a ::1 line for us-v10c.events.data.microsoft.com to
:: the hosts file, each tagged "# managed by privacy.sexy", skipping a line whose
:: exact text is already in the file.
:: NOTE(review): the entry is appended with Add-Content and nothing checks how the
:: file currently ends. A hosts file whose last line lacks a line break would get
:: this entry glued to that line. Inspect the tail of the file after the run.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='us-v10c.events.data.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for eu-v10c.events.data.microsoft.com
:: Maps eu-v10c.events.data.microsoft.com to 0.0.0.0 (IPv4) and ::1 (IPv6) in the hosts file,
:: each line tagged "# managed by privacy.sexy"; the file is created first if it is missing.
:: $([char]35) evaluates to the hash character that starts the hosts-file comment; presumably
:: spelled this way to keep a literal hash out of the inlined command - TODO confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='eu-v10c.events.data.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for v10.vortex-win.data.microsoft.com
:: Maps v10.vortex-win.data.microsoft.com to 0.0.0.0 (IPv4) and ::1 (IPv6) in the hosts file,
:: each line tagged "# managed by privacy.sexy"; the file is created first if it is missing.
:: Get-Content -Raw returns the file as one string, which the Contains substring check needs;
:: the file is re-read for each address type, so the second pass sees the first pass's line.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='v10.vortex-win.data.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for vortex-win.data.microsoft.com
:: Maps vortex-win.data.microsoft.com to 0.0.0.0 (IPv4) and ::1 (IPv6) in the hosts file,
:: each line tagged "# managed by privacy.sexy"; the file is created first if it is missing.
:: NOTE(review): the IPv4 target is the unspecified address but the IPv6 target is loopback,
:: so a client using the IPv6 answer connects to this machine instead of failing outright.
:: Confirm that loopback, not the IPv6 unspecified address, is what is wanted here.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='vortex-win.data.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for telecommand.telemetry.microsoft.com
:: Maps telecommand.telemetry.microsoft.com to 0.0.0.0 (IPv4) and ::1 (IPv6) in the hosts file,
:: each line tagged "# managed by privacy.sexy"; the file is created first if it is missing.
:: NOTE(review): the call has no -NoProfile, so PowerShell profile scripts present on the
:: machine load into this elevated process before the command runs, and -ExecutionPolicy
:: Unrestricted lets them execute. Adding -NoProfile would keep the call self-contained.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='telecommand.telemetry.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for www.telecommandsvc.microsoft.com
:: Maps www.telecommandsvc.microsoft.com to 0.0.0.0 (IPv4) and ::1 (IPv6) in the hosts file,
:: each line tagged "# managed by privacy.sexy"; the file is created first if it is missing.
:: The read and the append pass the same UTF-8 provider encoding value, so the duplicate
:: check decodes the file with the encoding that the write then uses.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='www.telecommandsvc.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for umwatson.events.data.microsoft.com
:: Maps umwatson.events.data.microsoft.com to 0.0.0.0 (IPv4) and ::1 (IPv6) in the hosts file,
:: each line tagged "# managed by privacy.sexy"; the file is created first if it is missing.
:: Test-Path is called with -PathType Leaf, so anything at that path that is not a file
:: counts as missing and New-Item -Force is attempted; a failure there ends the call with exit 1.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='umwatson.events.data.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for watsonc.events.data.microsoft.com
:: Maps watsonc.events.data.microsoft.com to 0.0.0.0 (IPv4) and ::1 (IPv6) in the hosts file,
:: each line tagged "# managed by privacy.sexy"; the file is created first if it is missing.
:: Only a failed existence check or file creation exits 1; a failed read or append is
:: reported with Write-Error and the loop moves on, so one address type can be written
:: while the other is not. Read the console output to see which entries were added.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='watsonc.events.data.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for eu-watsonc.events.data.microsoft.com
:: Maps eu-watsonc.events.data.microsoft.com to 0.0.0.0 (IPv4) and ::1 (IPv6) in the hosts file,
:: each line tagged "# managed by privacy.sexy"; the file is created first if it is missing.
:: The skip test matches the exact line text, so an existing entry for this domain written
:: with other spacing or another comment is not recognised and a second line is appended.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='eu-watsonc.events.data.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Block remote configuration sync hosts-----------
:: ----------------------------------------------------------
echo --- Block remote configuration sync hosts
:: Add hosts entries for settings-win.data.microsoft.com
:: Maps settings-win.data.microsoft.com to 0.0.0.0 (IPv4) and ::1 (IPv6) in the hosts file,
:: each line tagged "# managed by privacy.sexy"; the file is created first if it is missing.
:: NOTE(review): a hosts entry only affects lookups that consult the hosts file. After the
:: run, check that the name resolves to the blocking address, and expect that endpoint
:: protection may flag or revert hosts edits for vendor domains - TODO confirm on the target build.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='settings-win.data.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for settings.data.microsoft.com
:: Maps settings.data.microsoft.com to 0.0.0.0 (IPv4) and ::1 (IPv6) in the hosts file,
:: each line tagged "# managed by privacy.sexy"; the file is created first if it is missing.
:: NOTE(review): the call has no -NoProfile, so PowerShell profile scripts present on the
:: machine load into this elevated process before the command runs, and -ExecutionPolicy
:: Unrestricted lets them execute. Adding -NoProfile would keep the call self-contained.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='settings.data.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------------Block location data sharing hosts-------------
:: ----------------------------------------------------------
echo --- Block location data sharing hosts
:: Add hosts entries for inference.location.live.net
:: Maps inference.location.live.net to 0.0.0.0 (IPv4) and ::1 (IPv6) in the hosts file,
:: each line tagged "# managed by privacy.sexy"; the file is created first if it is missing.
:: NOTE(review): the IPv4 target is the unspecified address but the IPv6 target is loopback,
:: so a client using the IPv6 answer connects to this machine instead of failing outright.
:: Confirm that loopback, not the IPv6 unspecified address, is what is wanted here.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='inference.location.live.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for location-inference-westus.cloudapp.net
:: Maps location-inference-westus.cloudapp.net to 0.0.0.0 (IPv4) and ::1 (IPv6) in the hosts
:: file, each line tagged "# managed by privacy.sexy"; the file is created first if missing.
:: Each "^"" sequence is cmd.exe escaping that delivers one double quote to PowerShell inside
:: the quoted -Command argument; hand edits to this line must keep those sequences paired.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='location-inference-westus.cloudapp.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------------Block maps data and updates hosts-------------
:: ----------------------------------------------------------
echo --- Block maps data and updates hosts
:: Add hosts entries for maps.windows.com
:: Maps maps.windows.com to 0.0.0.0 (IPv4) and ::1 (IPv6) in the hosts file,
:: each line tagged "# managed by privacy.sexy"; the file is created first if it is missing.
:: The skip test matches the exact line text, so an existing entry for this domain written
:: with other spacing or another comment is not recognised and a second line is appended.
:: Only a failed existence check or file creation exits 1; a failed read or append is
:: reported with Write-Error and the loop moves on to the next address type.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='maps.windows.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for ecn.dev.virtualearth.net
:: Maps ecn.dev.virtualearth.net to 0.0.0.0 (IPv4) and ::1 (IPv6) in the hosts file,
:: each line tagged "# managed by privacy.sexy"; the file is created first if it is missing.
:: Get-Content -Raw returns the file as one string, which the Contains substring check needs;
:: the file is re-read for each address type, so the second pass sees the first pass's line.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='ecn.dev.virtualearth.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for ecn-us.dev.virtualearth.net
:: Maps ecn-us.dev.virtualearth.net to 0.0.0.0 (IPv4) and ::1 (IPv6) in the hosts file,
:: each line tagged "# managed by privacy.sexy"; the file is created first if it is missing.
:: $([char]35) evaluates to the hash character that starts the hosts-file comment; presumably
:: spelled this way to keep a literal hash out of the inlined command - TODO confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='ecn-us.dev.virtualearth.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for weathermapdata.blob.core.windows.net
:: Maps weathermapdata.blob.core.windows.net to 0.0.0.0 (IPv4) and ::1 (IPv6) in the hosts
:: file, each line tagged "# managed by privacy.sexy"; the file is created first if missing.
:: The read and the append pass the same UTF-8 provider encoding value, so the duplicate
:: check decodes the file with the encoding that the write then uses.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='weathermapdata.blob.core.windows.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Block Spotlight ads and suggestions hosts---------
:: ----------------------------------------------------------
echo --- Block Spotlight ads and suggestions hosts
:: Add hosts entries for arc.msn.com
:: Maps arc.msn.com to 0.0.0.0 (IPv4) and ::1 (IPv6) in the hosts file,
:: each line tagged "# managed by privacy.sexy"; the file is created first if it is missing.
:: NOTE(review): a hosts entry only affects lookups that consult the hosts file. After the
:: run, check that the name resolves to the blocking address, and expect that endpoint
:: protection may flag or revert hosts edits for vendor domains - TODO confirm on the target build.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='arc.msn.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for ris.api.iris.microsoft.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='ris.api.iris.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for api.msn.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='api.msn.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for assets.msn.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='assets.msn.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for c.msn.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='c.msn.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for g.msn.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='g.msn.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for ntp.msn.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='ntp.msn.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for srtb.msn.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='srtb.msn.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for www.msn.com
:: NOTE(review): www.msn.com looks like the user-facing MSN site, not an API or
:: asset host, so once this entry takes effect the site is unreachable from this
:: machine as well. Some Windows builds have been reported to resolve a built-in
:: list of Microsoft names without consulting the hosts file; whether this name
:: is affected here is not visible from the script, so check the result with
:: Resolve-DnsName www.msn.com (nslookup queries DNS directly and does not
:: reflect the hosts file).
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='www.msn.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for fd.api.iris.microsoft.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='fd.api.iris.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for staticview.msn.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='staticview.msn.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for mucp.api.account.microsoft.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='mucp.api.account.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for query.prod.cms.rt.microsoft.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='query.prod.cms.rt.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------------Block Cortana and Live Tiles hosts------------
:: ----------------------------------------------------------
echo --- Block Cortana and Live Tiles hosts
:: Add hosts entries for business.bing.com
:: First entry of the Cortana and Live Tiles group. It appends a 0.0.0.0 (IPv4)
:: and a ::1 (IPv6) line for business.bing.com to the hosts file, each tagged
:: "managed by privacy.sexy", and skips a line the file already contains.
:: NOTE(review): a hosts entry only affects software that resolves names through
:: the Windows resolver. Clients that use their own DNS-over-HTTPS resolver or a
:: proxy do the lookup elsewhere and are not blocked by it, so treat this as a
:: privacy preference, not an enforced egress control; pair it with a firewall
:: or DNS-filter rule where the block has to hold.
:: NOTE(review): endpoint protection may flag or revert hosts entries that sink
:: Microsoft hostnames (Microsoft Defender has been reported to raise a
:: HostsFileHijack detection for such entries); check alerts after running.
:: NOTE(review): the bing.com names in this group presumably also serve the Bing
:: web site, so expect side effects there; verify before deploying widely.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='business.bing.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for c.bing.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='c.bing.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for th.bing.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='th.bing.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for edgeassetservice.azureedge.net
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='edgeassetservice.azureedge.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for c-ring.msedge.net
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='c-ring.msedge.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for fp.msedge.net
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='fp.msedge.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for I-ring.msedge.net
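:: Adds an IPv4 (0.0.0.0) and an IPv6 (::1, loopback) line for the domain to the hosts file,
:: creating the file if it is missing and skipping any line that is already present.
:: Add-Content appends as-is, so a line break is written first when the file does not end
:: with one; otherwise the new entry would be joined to the last existing line.
:: A failed read or append is reported with Write-Error and that address is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='I-ring.msedge.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And (-Not $hostsFileContents.EndsWith([string][char]10))) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"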
:: Add hosts entries for s-ring.msedge.net
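:: Adds an IPv4 (0.0.0.0) and an IPv6 (::1, loopback) line for the domain to the hosts file,
:: creating the file if it is missing and skipping any line that is already present.
:: Add-Content appends as-is, so a line break is written first when the file does not end
:: with one; otherwise the new entry would be joined to the last existing line.
:: A failed read or append is reported with Write-Error and that address is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='s-ring.msedge.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And (-Not $hostsFileContents.EndsWith([string][char]10))) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"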
:: Add hosts entries for dual-s-ring.msedge.net
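:: Adds an IPv4 (0.0.0.0) and an IPv6 (::1, loopback) line for the domain to the hosts file,
:: creating the file if it is missing and skipping any line that is already present.
:: Add-Content appends as-is, so a line break is written first when the file does not end
:: with one; otherwise the new entry would be joined to the last existing line.
:: A failed read or append is reported with Write-Error and that address is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='dual-s-ring.msedge.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And (-Not $hostsFileContents.EndsWith([string][char]10))) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"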
:: Add hosts entries for creativecdn.com
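:: Adds an IPv4 (0.0.0.0) and an IPv6 (::1, loopback) line for the domain to the hosts file,
:: creating the file if it is missing and skipping any line that is already present.
:: Add-Content appends as-is, so a line break is written first when the file does not end
:: with one; otherwise the new entry would be joined to the last existing line.
:: A failed read or append is reported with Write-Error and that address is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='creativecdn.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And (-Not $hostsFileContents.EndsWith([string][char]10))) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"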
:: Add hosts entries for a-ring-fallback.msedge.net
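:: Adds an IPv4 (0.0.0.0) and an IPv6 (::1, loopback) line for the domain to the hosts file,
:: creating the file if it is missing and skipping any line that is already present.
:: Add-Content appends as-is, so a line break is written first when the file does not end
:: with one; otherwise the new entry would be joined to the last existing line.
:: A failed read or append is reported with Write-Error and that address is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='a-ring-fallback.msedge.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And (-Not $hostsFileContents.EndsWith([string][char]10))) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"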
:: Add hosts entries for fp-afd-nocache-ccp.azureedge.net
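:: Adds an IPv4 (0.0.0.0) and an IPv6 (::1, loopback) line for the domain to the hosts file,
:: creating the file if it is missing and skipping any line that is already present.
:: Add-Content appends as-is, so a line break is written first when the file does not end
:: with one; otherwise the new entry would be joined to the last existing line.
:: A failed read or append is reported with Write-Error and that address is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='fp-afd-nocache-ccp.azureedge.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And (-Not $hostsFileContents.EndsWith([string][char]10))) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"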
:: Add hosts entries for prod-azurecdn-akamai-iris.azureedge.net
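:: Adds an IPv4 (0.0.0.0) and an IPv6 (::1, loopback) line for the domain to the hosts file,
:: creating the file if it is missing and skipping any line that is already present.
:: Add-Content appends as-is, so a line break is written first when the file does not end
:: with one; otherwise the new entry would be joined to the last existing line.
:: A failed read or append is reported with Write-Error and that address is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='prod-azurecdn-akamai-iris.azureedge.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And (-Not $hostsFileContents.EndsWith([string][char]10))) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"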
:: Add hosts entries for widgetcdn.azureedge.net
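:: Adds an IPv4 (0.0.0.0) and an IPv6 (::1, loopback) line for the domain to the hosts file,
:: creating the file if it is missing and skipping any line that is already present.
:: Add-Content appends as-is, so a line break is written first when the file does not end
:: with one; otherwise the new entry would be joined to the last existing line.
:: A failed read or append is reported with Write-Error and that address is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='widgetcdn.azureedge.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And (-Not $hostsFileContents.EndsWith([string][char]10))) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"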
:: Add hosts entries for widgetservice.azurefd.net
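:: Adds an IPv4 (0.0.0.0) and an IPv6 (::1, loopback) line for the domain to the hosts file,
:: creating the file if it is missing and skipping any line that is already present.
:: Add-Content appends as-is, so a line break is written first when the file does not end
:: with one; otherwise the new entry would be joined to the last existing line.
:: A failed read or append is reported with Write-Error and that address is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='widgetservice.azurefd.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And (-Not $hostsFileContents.EndsWith([string][char]10))) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"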
:: Add hosts entries for fp-vs.azureedge.net
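:: Adds an IPv4 (0.0.0.0) and an IPv6 (::1, loopback) line for the domain to the hosts file,
:: creating the file if it is missing and skipping any line that is already present.
:: Add-Content appends as-is, so a line break is written first when the file does not end
:: with one; otherwise the new entry would be joined to the last existing line.
:: A failed read or append is reported with Write-Error and that address is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='fp-vs.azureedge.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And (-Not $hostsFileContents.EndsWith([string][char]10))) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"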
:: Add hosts entries for ln-ring.msedge.net
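:: Adds an IPv4 (0.0.0.0) and an IPv6 (::1, loopback) line for the domain to the hosts file,
:: creating the file if it is missing and skipping any line that is already present.
:: Add-Content appends as-is, so a line break is written first when the file does not end
:: with one; otherwise the new entry would be joined to the last existing line.
:: A failed read or append is reported with Write-Error and that address is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='ln-ring.msedge.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And (-Not $hostsFileContents.EndsWith([string][char]10))) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"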
:: Add hosts entries for t-ring.msedge.net
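:: Adds an IPv4 (0.0.0.0) and an IPv6 (::1, loopback) line for the domain to the hosts file,
:: creating the file if it is missing and skipping any line that is already present.
:: Add-Content appends as-is, so a line break is written first when the file does not end
:: with one; otherwise the new entry would be joined to the last existing line.
:: A failed read or append is reported with Write-Error and that address is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='t-ring.msedge.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And (-Not $hostsFileContents.EndsWith([string][char]10))) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"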
:: Add hosts entries for t-ring-fdv2.msedge.net
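:: Adds an IPv4 (0.0.0.0) and an IPv6 (::1, loopback) line for the domain to the hosts file,
:: creating the file if it is missing and skipping any line that is already present.
:: Add-Content appends as-is, so a line break is written first when the file does not end
:: with one; otherwise the new entry would be joined to the last existing line.
:: A failed read or append is reported with Write-Error and that address is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='t-ring-fdv2.msedge.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And (-Not $hostsFileContents.EndsWith([string][char]10))) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"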
:: Add hosts entries for tse1.mm.bing.net
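:: Adds an IPv4 (0.0.0.0) and an IPv6 (::1, loopback) line for the domain to the hosts file,
:: creating the file if it is missing and skipping any line that is already present.
:: Add-Content appends as-is, so a line break is written first when the file does not end
:: with one; otherwise the new entry would be joined to the last existing line.
:: A failed read or append is reported with Write-Error and that address is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='tse1.mm.bing.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And (-Not $hostsFileContents.EndsWith([string][char]10))) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"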
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Block Edge experimentation hosts-------------
:: ----------------------------------------------------------
echo --- Block Edge experimentation hosts
:: Add hosts entries for config.edge.skype.com
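:: Adds an IPv4 (0.0.0.0) and an IPv6 (::1, loopback) line for the domain to the hosts file,
:: creating the file if it is missing and skipping any line that is already present.
:: Add-Content appends as-is, so a line break is written first when the file does not end
:: with one; otherwise the new entry would be joined to the last existing line.
:: A failed read or append is reported with Write-Error and that address is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='config.edge.skype.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And (-Not $hostsFileContents.EndsWith([string][char]10))) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"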
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------------Block Photos app sync hosts----------------
:: ----------------------------------------------------------
echo --- Block Photos app sync hosts
:: Add hosts entries for evoke-windowsservices-tas.msedge.net
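:: Adds an IPv4 (0.0.0.0) and an IPv6 (::1, loopback) line for the domain to the hosts file,
:: creating the file if it is missing and skipping any line that is already present.
:: Add-Content appends as-is, so a line break is written first when the file does not end
:: with one; otherwise the new entry would be joined to the last existing line.
:: A failed read or append is reported with Write-Error and that address is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='evoke-windowsservices-tas.msedge.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And (-Not $hostsFileContents.EndsWith([string][char]10))) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"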
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Block OneNote Live Tile hosts---------------
:: ----------------------------------------------------------
echo --- Block OneNote Live Tile hosts
:: Add hosts entries for cdn.onenote.net
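:: Adds an IPv4 (0.0.0.0) and an IPv6 (::1, loopback) line for the domain to the hosts file,
:: creating the file if it is missing and skipping any line that is already present.
:: Add-Content appends as-is, so a line break is written first when the file does not end
:: with one; otherwise the new entry would be joined to the last existing line.
:: A failed read or append is reported with Write-Error and that address is skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='cdn.onenote.net'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And (-Not $hostsFileContents.EndsWith([string][char]10))) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"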
627
:: ----------------------------------------------------------
628
 
629
 
630
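:: ----------------------------------------------------------
:: --------------Block Weather Live Tile hosts---------------
:: ----------------------------------------------------------
echo --- Block Weather Live Tile hosts
:: Add hosts entries for tile-service.weather.microsoft.com
:: Appends one IPv4 (0.0.0.0) and one IPv6 (::1) line for the domain to the system hosts file,
:: each tagged "managed by privacy.sexy"; the file is created first if it does not exist.
:: An entry is skipped when its exact text already occurs anywhere in the file. This is a
:: substring match, so a commented-out copy of the line also counts as present.
:: If the file does not end with a line break, one is written before the entry so that
:: Add-Content cannot glue the entry onto the last existing line.
:: -NoProfile keeps the elevated PowerShell from loading profile scripts before the command runs.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$domain ='tile-service.weather.microsoft.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; $lineToAppend = $hostsEntryLine; if ((-Not [String]::IsNullOrEmpty($hostsFileContents)) -And ($hostsFileContents -notmatch '\n\z')) { $lineToAppend = [Environment]::NewLine + $hostsEntryLine; }; try { Add-Content -Path $hostsFilePath -Value $lineToAppend -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: ----------------------------------------------------------

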
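:: ----------------------------------------------------------
:: ----------Disable lock screen app notifications-----------
:: ----------------------------------------------------------
echo --- Disable lock screen app notifications
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\System!DisableLockScreenAppNotifications"
:: Writes REG_DWORD 1 to a machine-wide policy key; /f overwrites an existing value without prompting.
:: -NoProfile keeps the elevated PowerShell from loading profile scripts before the command runs.
:: The unused $registryPath assignment was dropped; the key is passed to reg.exe directly.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$data = '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\System' /v 'DisableLockScreenAppNotifications' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

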
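:: ----------------------------------------------------------
:: ----------Disable Live Tiles push notifications-----------
:: ----------------------------------------------------------
echo --- Disable Live Tiles push notifications
:: Set the registry value: "HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!NoTileApplicationNotification"
:: Writes REG_DWORD 1; /f overwrites an existing value without prompting.
:: HKCU is the hive of the account this elevated script runs as. If elevation used a different
:: administrator account, the signed-in user's setting is left unchanged.
:: -NoProfile keeps the elevated PowerShell from loading profile scripts before the command runs.
:: The unused $registryPath assignment was dropped; the key is passed to reg.exe directly.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$data = '1'; reg add 'HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications' /v 'NoTileApplicationNotification' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

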
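:: ----------------------------------------------------------
:: ----Disable the "Look For An App In The Store" option-----
:: ----------------------------------------------------------
echo --- Disable the "Look For An App In The Store" option
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer!NoUseStoreOpenWith"
:: Writes REG_DWORD 1 to a machine-wide policy key; /f overwrites an existing value without prompting.
:: -NoProfile keeps the elevated PowerShell from loading profile scripts before the command runs.
:: The unused $registryPath assignment was dropped; the key is passed to reg.exe directly.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$data = '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer' /v 'NoUseStoreOpenWith' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

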
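:: Disable the display of recently used files in Quick Access
:: Three steps: set ShowRecent to 0 for the current user, then remove the default value of the
:: {3134ef9c-6b18-4996-ad04-ed5912e00eb5} delegate-folder key in the native and Wow6432Node views.
:: The two removal steps exit 0 without changes when the key or its default value is absent.
:: -NoProfile keeps the elevated PowerShell from loading profile scripts before each command runs.
echo --- Disable the display of recently used files in Quick Access
:: Set the registry value: "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer!ShowRecent"
:: HKCU is the hive of the account this elevated script runs as.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$data = '0'; reg add 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer' /v 'ShowRecent' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Delete the registry value "(Default)" from the key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HomeFolderDesktop\NameSpace\DelegateFolders\{3134ef9c-6b18-4996-ad04-ed5912e00eb5}"
:: The default value has no name, so it is removed through OpenSubKey and DeleteValue('') rather than Remove-ItemProperty.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$keyName = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HomeFolderDesktop\NameSpace\DelegateFolders\{3134ef9c-6b18-4996-ad04-ed5912e00eb5}'; $valueName = '(Default)'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Delete the registry value "(Default)" from the key "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\HomeFolderDesktop\NameSpace\DelegateFolders\{3134ef9c-6b18-4996-ad04-ed5912e00eb5}"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$keyName = 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\HomeFolderDesktop\NameSpace\DelegateFolders\{3134ef9c-6b18-4996-ad04-ed5912e00eb5}'; $valueName = '(Default)'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------

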
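:: ----------------------------------------------------------
:: -----------Disable sync provider notifications------------
:: ----------------------------------------------------------
echo --- Disable sync provider notifications
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced!ShowSyncProviderNotifications"
:: Writes REG_DWORD 0; /f overwrites an existing value without prompting.
:: HKCU is the hive of the account this elevated script runs as.
:: -NoProfile keeps the elevated PowerShell from loading profile scripts before each command runs.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$data = '0'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced' /v 'ShowSyncProviderNotifications' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
:: Only prints the note ($warn is false, so the Write-Host branch runs); explorer.exe itself is not restarted here.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------

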
:: Disable hibernation for faster startup and to avoid sensitive data storage
:: Hibernation writes the contents of RAM to the hibernation file on disk; switching it off
:: stops that copy of memory from being kept at rest. Fast Startup depends on hibernation,
:: so it is switched off together with it.
echo --- Disable hibernation for faster startup and to avoid sensitive data storage
powercfg /hibernate off
:: ----------------------------------------------------------


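:: ----------------------------------------------------------
:: ----------Enable camera on/off OSD notifications----------
:: ----------------------------------------------------------
echo --- Enable camera on/off OSD notifications
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\OEM\Device\Capture!NoPhysicalCameraLED"
:: NoPhysicalCameraLED = 1 tells Windows to show an on-screen indicator when the camera turns on or off.
:: The value is read from the OEM capture key. Under Policies\Explorer, where it was written before,
:: it is not documented to have any effect, so the indicator would have stayed off.
:: -NoProfile keeps the elevated PowerShell from loading profile scripts before the command runs.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$data = '1'; reg add 'HKLM\SOFTWARE\Microsoft\OEM\Device\Capture' /v 'NoPhysicalCameraLED' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

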
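:: ----------------------------------------------------------
:: ----------------Disable app usage tracking----------------
:: ----------------------------------------------------------
echo --- Disable app usage tracking
:: Set the registry value: "HKCU\Software\Policies\Microsoft\Windows\EdgeUI!DisableMFUTracking"
:: Writes REG_DWORD 1; /f overwrites an existing value without prompting.
:: HKCU is the hive of the account this elevated script runs as.
:: -NoProfile keeps the elevated PowerShell from loading profile scripts before the command runs.
:: The unused $registryPath assignment was dropped; the key is passed to reg.exe directly.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$data = '1'; reg add 'HKCU\Software\Policies\Microsoft\Windows\EdgeUI' /v 'DisableMFUTracking' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

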
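:: ----------------------------------------------------------
:: -------------------Disable recent apps--------------------
:: ----------------------------------------------------------
echo --- Disable recent apps
:: Set the registry value: "HKCU\Software\Policies\Microsoft\Windows\EdgeUI!DisableRecentApps"
:: Writes REG_DWORD 1; /f overwrites an existing value without prompting.
:: HKCU is the hive of the account this elevated script runs as.
:: -NoProfile keeps the elevated PowerShell from loading profile scripts before the command runs.
:: The unused $registryPath assignment was dropped; the key is passed to reg.exe directly.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$data = '1'; reg add 'HKCU\Software\Policies\Microsoft\Windows\EdgeUI' /v 'DisableRecentApps' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

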
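:: ----------------------------------------------------------
:: -------------------Disable backtracking-------------------
:: ----------------------------------------------------------
echo --- Disable backtracking
:: Set the registry value: "HKCU\Software\Policies\Microsoft\Windows\EdgeUI!TurnOffBackstack"
:: Writes REG_DWORD 1; /f overwrites an existing value without prompting.
:: HKCU is the hive of the account this elevated script runs as.
:: -NoProfile keeps the elevated PowerShell from loading profile scripts before the command runs.
:: The unused $registryPath assignment was dropped; the key is passed to reg.exe directly.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$data = '1'; reg add 'HKCU\Software\Policies\Microsoft\Windows\EdgeUI' /v 'TurnOffBackstack' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

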
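:: ----------------------------------------------------------
:: -----------Remove "Meet Now" icon from taskbar------------
:: ----------------------------------------------------------
echo --- Remove "Meet Now" icon from taskbar
:: Set the registry value: "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideSCAMeetNow"
:: Writes REG_DWORD 1 to a machine-wide policy key; /f overwrites an existing value without prompting.
:: -NoProfile keeps the elevated PowerShell from loading profile scripts before the command runs.
:: The unused $registryPath assignment was dropped; the key is passed to reg.exe directly.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$data = '1'; reg add 'HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' /v 'HideSCAMeetNow' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

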
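:: ----------------------------------------------------------
:: -------------Clear recent application history-------------
:: ----------------------------------------------------------
echo --- Clear recent application history
:: Each command deletes every value stored directly under one ComDlg32 key and keeps the key itself.
:: A missing key is skipped; any other failure is reported and ends that PowerShell process with exit code 1.
:: The batch script does not check that code, so it continues with the next command.
:: These lists are also per-user forensic artifacts; after this runs they no longer show earlier
:: activity for the account the elevated script runs as.
:: -NoProfile keeps the elevated PowerShell from loading profile scripts before each command runs.
:: Clear registry values from "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: Clear registry values from "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: Clear registry values from "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRULegacy"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRULegacy'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: ----------------------------------------------------------

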
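:: ----------------------------------------------------------
:: -------------Clear Adobe recent file history--------------
:: ----------------------------------------------------------
echo --- Clear Adobe recent file history
:: Remove the registry key "HKCU\Software\Adobe\MediaBrowser\MRU"
:: Deletes the whole key; exits 0 without changes when the key does not exist.
:: -Recurse is passed because Remove-Item otherwise asks for confirmation when the key has
:: subkeys, which would stall this unattended run.
:: -NoProfile keeps the elevated PowerShell from loading profile scripts before the command runs.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$keyPath='HKCU\Software\Adobe\MediaBrowser\MRU'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Recurse -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------

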
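:: ----------------------------------------------------------
:: --------Clear Microsoft Paint recent files history--------
:: ----------------------------------------------------------
echo --- Clear Microsoft Paint recent files history
:: Clear registry values from "HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List"
:: Deletes every value stored directly under the key and keeps the key itself; a missing key is skipped.
:: Any other failure is reported and ends the PowerShell process with exit code 1.
:: -NoProfile keeps the elevated PowerShell from loading profile scripts before the command runs.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: ----------------------------------------------------------

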
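:: ----------------------------------------------------------
:: ------------Clear WordPad recent file history-------------
:: ----------------------------------------------------------
echo --- Clear WordPad recent file history
:: Clear registry values from "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List"
:: Deletes every value stored directly under the key and keeps the key itself; a missing key is skipped.
:: Any other failure is reported and ends the PowerShell process with exit code 1.
:: -NoProfile keeps the elevated PowerShell from loading profile scripts before the command runs.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: ----------------------------------------------------------

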
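:: ----------------------------------------------------------
:: -----------Clear network drive mapping history------------
:: ----------------------------------------------------------
echo --- Clear network drive mapping history
:: Clear registry values from "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU"
:: Deletes every value stored directly under the key and keeps the key itself; a missing key is skipped.
:: Any other failure is reported and ends the PowerShell process with exit code 1.
:: -NoProfile keeps the elevated PowerShell from loading profile scripts before the command runs.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: ----------------------------------------------------------

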
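:: ----------------------------------------------------------
:: ---------------Clear Windows Search history---------------
:: ----------------------------------------------------------
echo --- Clear Windows Search history
:: Three registry steps and one directory step. The steps marked "recursively" delete the values
:: of the key and of every subkey below it and keep the keys; the other one clears direct values only.
:: A missing key is skipped; any other failure ends that PowerShell process with exit code 1.
:: These locations are also per-user forensic artifacts; after this runs they no longer show
:: earlier activity for the account the elevated script runs as.
:: -NoProfile keeps the elevated PowerShell from loading profile scripts before each command runs.
:: Clear registry values from "HKCU\Software\Microsoft\Search Assistant\ACMru" (recursively)
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\Software\Microsoft\Search Assistant\ACMru'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Iterating subkeys recursively: `"^""$formattedRegistryKeyPath`"^""."^""; $subKeys = Get-ChildItem -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop; if (!$subKeys) { Write-Output 'Skipping: no subkeys available.'; return; }; foreach ($subKey in $subKeys) { $subkeyName = $($subKey.PSChildName); Write-Output "^""Processing subkey: `"^""$subkeyName`"^"""^""; $subkeyPath = Join-Path -Path $currentRegistryKeyPath -ChildPath $subkeyName; Clear-RegistryKeyValues $subkeyPath; }; Write-Output "^""Successfully cleared all subkeys in `"^""$formattedRegistryKeyPath`"^""."^""; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: Clear registry values from "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: Clear registry values from "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchHistory" (recursively)
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchHistory'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Iterating subkeys recursively: `"^""$formattedRegistryKeyPath`"^""."^""; $subKeys = Get-ChildItem -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop; if (!$subKeys) { Write-Output 'Skipping: no subkeys available.'; return; }; foreach ($subKey in $subKeys) { $subkeyName = $($subKey.PSChildName); Write-Output "^""Processing subkey: `"^""$subkeyName`"^"""^""; $subkeyPath = Join-Path -Path $currentRegistryKeyPath -ChildPath $subkeyName; Clear-RegistryKeyValues $subkeyPath; }; Write-Output "^""Successfully cleared all subkeys in `"^""$formattedRegistryKeyPath`"^""."^""; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: Clear directory contents  : "%LOCALAPPDATA%\Microsoft\Windows\ConnectedSearch\History"
:: The LOCALAPPDATA variable is expanded by cmd before PowerShell starts, so it points at the profile
:: of the account the elevated script runs as. Everything below the directory is deleted, longest
:: paths first. The command is kept on a single line: a line break inside the quoted -Command
:: argument would end the batch command early.
:: Found items are re-checked and deleted with -LiteralPath so that names containing [ or ] are
:: treated as plain paths and not as wildcard patterns.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Microsoft\Windows\ConnectedSearch\History'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------

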
:: ----------------------------------------------------------
:: ----------Clear recent files and folders history----------
:: ----------------------------------------------------------
echo --- Clear recent files and folders history
:: Clear registry values from "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs" (recursively)
:: Deletes every value under the registry key named in the command below and
:: under each of its subkeys (Clear-RegistryKeyValues calls itself per subkey).
:: Keys are kept; only their values are removed.
:: The "HKCU\..." text is turned into the provider path "HKCU:\..." by adding a
:: colon after the first path segment. A missing key is skipped.
:: On any error the catch block calls Exit 1, which ends PowerShell at once, so
:: values and subkeys not yet reached stay in place; the batch file then moves
:: on to its next line.
:: NOTE(review): keys are addressed with -LiteralPath, but Remove-ItemProperty
:: -Name accepts wildcards, so a value name containing wildcard characters
:: would be treated as a pattern - confirm this is acceptable.
PowerShell -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Iterating subkeys recursively: `"^""$formattedRegistryKeyPath`"^""."^""; $subKeys = Get-ChildItem -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop; if (!$subKeys) { Write-Output 'Skipping: no subkeys available.'; return; }; foreach ($subKey in $subKeys) { $subkeyName = $($subKey.PSChildName); Write-Output "^""Processing subkey: `"^""$subkeyName`"^"""^""; $subkeyPath = Join-Path -Path $currentRegistryKeyPath -ChildPath $subkeyName; Clear-RegistryKeyValues $subkeyPath; }; Write-Output "^""Successfully cleared all subkeys in `"^""$formattedRegistryKeyPath`"^""."^""; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: Clear registry values from "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU" (recursively)
:: Deletes every value under the registry key named in the command below and
:: under each of its subkeys (Clear-RegistryKeyValues calls itself per subkey).
:: Keys are kept; only their values are removed.
:: The "HKCU\..." text is turned into the provider path "HKCU:\..." by adding a
:: colon after the first path segment. A missing key is skipped.
:: On any error the catch block calls Exit 1, which ends PowerShell at once, so
:: values and subkeys not yet reached stay in place; the batch file then moves
:: on to its next line.
:: NOTE(review): keys are addressed with -LiteralPath, but Remove-ItemProperty
:: -Name accepts wildcards, so a value name containing wildcard characters
:: would be treated as a pattern - confirm this is acceptable.
PowerShell -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Iterating subkeys recursively: `"^""$formattedRegistryKeyPath`"^""."^""; $subKeys = Get-ChildItem -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop; if (!$subKeys) { Write-Output 'Skipping: no subkeys available.'; return; }; foreach ($subKey in $subKeys) { $subkeyName = $($subKey.PSChildName); Write-Output "^""Processing subkey: `"^""$subkeyName`"^"""^""; $subkeyPath = Join-Path -Path $currentRegistryKeyPath -ChildPath $subkeyName; Clear-RegistryKeyValues $subkeyPath; }; Write-Output "^""Successfully cleared all subkeys in `"^""$formattedRegistryKeyPath`"^""."^""; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: Clear registry values from "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU" (recursively)
:: Deletes every value under the registry key named in the command below and
:: under each of its subkeys (Clear-RegistryKeyValues calls itself per subkey).
:: Keys are kept; only their values are removed.
:: The "HKCU\..." text is turned into the provider path "HKCU:\..." by adding a
:: colon after the first path segment. A missing key is skipped.
:: On any error the catch block calls Exit 1, which ends PowerShell at once, so
:: values and subkeys not yet reached stay in place; the batch file then moves
:: on to its next line.
:: NOTE(review): keys are addressed with -LiteralPath, but Remove-ItemProperty
:: -Name accepts wildcards, so a value name containing wildcard characters
:: would be treated as a pattern - confirm this is acceptable.
PowerShell -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Iterating subkeys recursively: `"^""$formattedRegistryKeyPath`"^""."^""; $subKeys = Get-ChildItem -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop; if (!$subKeys) { Write-Output 'Skipping: no subkeys available.'; return; }; foreach ($subKey in $subKeys) { $subkeyName = $($subKey.PSChildName); Write-Output "^""Processing subkey: `"^""$subkeyName`"^"""^""; $subkeyPath = Join-Path -Path $currentRegistryKeyPath -ChildPath $subkeyName; Clear-RegistryKeyValues $subkeyPath; }; Write-Output "^""Successfully cleared all subkeys in `"^""$formattedRegistryKeyPath`"^""."^""; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: Clear directory contents  : "%APPDATA%\Microsoft\Windows\Recent Items"
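:: Deletes the contents of the directory named in the command below.
:: Steps: append "\*" to the directory, list matches recursively (-Force also
:: lists hidden items), sort the paths by length, longest first, then remove
:: each one. Failures are counted and reported as warnings; the run continues.
:: -LiteralPath is used for the existence check and the removal because the
:: list holds absolute names: with -Path, a name containing "[" or "]" is read
:: as a wildcard pattern and can be logged as deleted while it is still on disk.
:: Remove-Item only unlinks items; their contents are not overwritten.
:: Keep the -Command string on one physical line, cmd.exe ends a command at a newline.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%APPDATA%\Microsoft\Windows\Recent Items'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"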
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----Clear Windows Media Player recent activity history----
:: ----------------------------------------------------------
echo --- Clear Windows Media Player recent activity history
:: Clear registry values from "HKCU\Software\Microsoft\MediaPlayer\Player\RecentFileList" 
:: Deletes every value stored directly under the registry key named in the
:: command below. The key itself is kept and subkeys are not visited.
:: The "HKCU\..." text is turned into the provider path "HKCU:\..." by adding a
:: colon after the first path segment. A missing key is skipped.
:: On any error the catch block calls Exit 1, which ends PowerShell at once, so
:: values not yet reached stay in place; the batch file then moves on to its
:: next line.
:: NOTE(review): the key is addressed with -LiteralPath, but Remove-ItemProperty
:: -Name accepts wildcards, so a value name containing wildcard characters
:: would be treated as a pattern - confirm this is acceptable.
PowerShell -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\Software\Microsoft\MediaPlayer\Player\RecentFileList'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: Clear registry values from "HKCU\Software\Microsoft\MediaPlayer\Player\RecentURLList" 
:: Deletes every value stored directly under the registry key named in the
:: command below. The key itself is kept and subkeys are not visited.
:: The "HKCU\..." text is turned into the provider path "HKCU:\..." by adding a
:: colon after the first path segment. A missing key is skipped.
:: On any error the catch block calls Exit 1, which ends PowerShell at once, so
:: values not yet reached stay in place; the batch file then moves on to its
:: next line.
:: NOTE(review): the key is addressed with -LiteralPath, but Remove-ItemProperty
:: -Name accepts wildcards, so a value name containing wildcard characters
:: would be treated as a pattern - confirm this is acceptable.
PowerShell -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\Software\Microsoft\MediaPlayer\Player\RecentURLList'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: Clear registry values from "HKCU\Software\Gabest\Media Player Classic\Recent File List" 
:: Deletes every value stored directly under the registry key named in the
:: command below. The key itself is kept and subkeys are not visited.
:: The "HKCU\..." text is turned into the provider path "HKCU:\..." by adding a
:: colon after the first path segment. A missing key is skipped.
:: On any error the catch block calls Exit 1, which ends PowerShell at once, so
:: values not yet reached stay in place; the batch file then moves on to its
:: next line.
:: NOTE(review): the key is addressed with -LiteralPath, but Remove-ItemProperty
:: -Name accepts wildcards, so a value name containing wildcard characters
:: would be treated as a pattern - confirm this is acceptable.
PowerShell -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\Software\Gabest\Media Player Classic\Recent File List'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------Clear DirectX recent application history---------
:: ----------------------------------------------------------
echo --- Clear DirectX recent application history
:: Clear registry values from "HKCU\Software\Microsoft\Direct3D\MostRecentApplication" 
:: Deletes every value stored directly under the registry key named in the
:: command below. The key itself is kept and subkeys are not visited.
:: The "HKCU\..." text is turned into the provider path "HKCU:\..." by adding a
:: colon after the first path segment. A missing key is skipped.
:: On any error the catch block calls Exit 1, which ends PowerShell at once, so
:: values not yet reached stay in place; the batch file then moves on to its
:: next line.
:: NOTE(review): the key is addressed with -LiteralPath, but Remove-ItemProperty
:: -Name accepts wildcards, so a value name containing wildcard characters
:: would be treated as a pattern - confirm this is acceptable.
PowerShell -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\Software\Microsoft\Direct3D\MostRecentApplication'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------------Clear Windows Run command history-------------
:: ----------------------------------------------------------
echo --- Clear Windows Run command history
:: Clear registry values from "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" 
:: Deletes every value stored directly under the registry key named in the
:: command below. The key itself is kept and subkeys are not visited.
:: The "HKCU\..." text is turned into the provider path "HKCU:\..." by adding a
:: colon after the first path segment. A missing key is skipped.
:: On any error the catch block calls Exit 1, which ends PowerShell at once, so
:: values not yet reached stay in place; the batch file then moves on to its
:: next line.
:: NOTE(review): the key is addressed with -LiteralPath, but Remove-ItemProperty
:: -Name accepts wildcards, so a value name containing wildcard characters
:: would be treated as a pattern - confirm this is acceptable.
PowerShell -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------Clear File Explorer address bar history----------
:: ----------------------------------------------------------
echo --- Clear File Explorer address bar history
:: Clear registry values from "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths" 
:: Deletes every value stored directly under the registry key named in the
:: command below. The key itself is kept and subkeys are not visited.
:: The "HKCU\..." text is turned into the provider path "HKCU:\..." by adding a
:: colon after the first path segment. A missing key is skipped.
:: On any error the catch block calls Exit 1, which ends PowerShell at once, so
:: values not yet reached stay in place; the batch file then moves on to its
:: next line.
:: NOTE(review): the key is addressed with -LiteralPath, but Remove-ItemProperty
:: -Name accepts wildcards, so a value name containing wildcard characters
:: would be treated as a pattern - confirm this is acceptable.
PowerShell -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------------Clear Listary search index----------------
:: ----------------------------------------------------------
echo --- Clear Listary search index
:: Clear directory contents  : "%APPDATA%\Listary\UserData"
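:: Deletes the contents of the directory named in the command below.
:: Steps: append "\*" to the directory, list matches recursively (-Force also
:: lists hidden items), sort the paths by length, longest first, then remove
:: each one. Failures are counted and reported as warnings; the run continues.
:: -LiteralPath is used for the existence check and the removal because the
:: list holds absolute names: with -Path, a name containing "[" or "]" is read
:: as a wildcard pattern and can be logged as deleted while it is still on disk.
:: Remove-Item only unlinks items; their contents are not overwritten.
:: Keep the -Command string on one physical line, cmd.exe ends a command at a newline.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%APPDATA%\Listary\UserData'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"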
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------------------Clear Java cache---------------------
:: ----------------------------------------------------------
echo --- Clear Java cache
:: Clear directory contents  : "%APPDATA%\Sun\Java\Deployment\cache"
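:: Deletes the contents of the directory named in the command below.
:: Steps: append "\*" to the directory, list matches recursively (-Force also
:: lists hidden items), sort the paths by length, longest first, then remove
:: each one. Failures are counted and reported as warnings; the run continues.
:: -LiteralPath is used for the existence check and the removal because the
:: list holds absolute names: with -Path, a name containing "[" or "]" is read
:: as a wildcard pattern and can be logged as deleted while it is still on disk.
:: Remove-Item only unlinks items; their contents are not overwritten.
:: Keep the -Command string on one physical line, cmd.exe ends a command at a newline.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%APPDATA%\Sun\Java\Deployment\cache'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"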
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------------Clear Flash Player traces-----------------
:: ----------------------------------------------------------
echo --- Clear Flash Player traces
:: Clear directory contents  : "%APPDATA%\Macromedia\Flash Player"
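:: Deletes the contents of the directory named in the command below.
:: Steps: append "\*" to the directory, list matches recursively (-Force also
:: lists hidden items), sort the paths by length, longest first, then remove
:: each one. Failures are counted and reported as warnings; the run continues.
:: -LiteralPath is used for the existence check and the removal because the
:: list holds absolute names: with -Path, a name containing "[" or "]" is read
:: as a wildcard pattern and can be logged as deleted while it is still on disk.
:: Remove-Item only unlinks items; their contents are not overwritten.
:: Keep the -Command string on one physical line, cmd.exe ends a command at a newline.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%APPDATA%\Macromedia\Flash Player'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"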
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------------Clear Dotnet CLI telemetry----------------
:: ----------------------------------------------------------
echo --- Clear Dotnet CLI telemetry
:: Clear directory contents  : "%USERPROFILE%\.dotnet\TelemetryStorageService"
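:: Deletes the contents of the directory named in the command below.
:: Steps: append "\*" to the directory, list matches recursively (-Force also
:: lists hidden items), sort the paths by length, longest first, then remove
:: each one. Failures are counted and reported as warnings; the run continues.
:: -LiteralPath is used for the existence check and the removal because the
:: list holds absolute names: with -Path, a name containing "[" or "]" is read
:: as a wildcard pattern and can be logged as deleted while it is still on disk.
:: Remove-Item only unlinks items; their contents are not overwritten.
:: Keep the -Command string on one physical line, cmd.exe ends a command at a newline.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%USERPROFILE%\.dotnet\TelemetryStorageService'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"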
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -Clear Opera history (user profiles, settings, and data)--
:: ----------------------------------------------------------
echo --- Clear Opera history (user profiles, settings, and data)
:: Clear directory contents  : "%USERPROFILE%\Local Settings\Application Data\Opera\Opera"
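:: Deletes the contents of the directory named in the command below.
:: Steps: append "\*" to the directory, list matches recursively (-Force also
:: lists hidden items), sort the paths by length, longest first, then remove
:: each one. Failures are counted and reported as warnings; the run continues.
:: -LiteralPath is used for the existence check and the removal because the
:: list holds absolute names: with -Path, a name containing "[" or "]" is read
:: as a wildcard pattern and can be logged as deleted while it is still on disk.
:: Remove-Item only unlinks items; their contents are not overwritten.
:: Keep the -Command string on one physical line, cmd.exe ends a command at a newline.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%USERPROFILE%\Local Settings\Application Data\Opera\Opera'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"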
:: Clear directory contents  : "%LOCALAPPDATA%\Opera\Opera"
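:: Deletes the contents of the directory named in the command below.
:: Steps: append "\*" to the directory, list matches recursively (-Force also
:: lists hidden items), sort the paths by length, longest first, then remove
:: each one. Failures are counted and reported as warnings; the run continues.
:: -LiteralPath is used for the existence check and the removal because the
:: list holds absolute names: with -Path, a name containing "[" or "]" is read
:: as a wildcard pattern and can be logged as deleted while it is still on disk.
:: Remove-Item only unlinks items; their contents are not overwritten.
:: Keep the -Command string on one physical line, cmd.exe ends a command at a newline.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Opera\Opera'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"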
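:: Clear directory contents  : "%APPDATA%\Opera\Opera"
:: Same procedure as for the other directory clean-ups in this script: list the
:: directory recursively, sort the paths longest-first, delete each one and
:: report how many deletions succeeded or failed.
:: Enumerated paths are passed with -LiteralPath so that names containing [ or ]
:: are not re-read as wildcard patterns.
:: The whole PowerShell command has to stay on one physical line for cmd.exe.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%APPDATA%\Opera\Opera'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------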
 
 
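:: ----------------------------------------------------------
:: --------------Clear temporary system folder---------------
:: ----------------------------------------------------------
echo --- Clear temporary system folder
:: Clear directory contents  : "%SYSTEMROOT%\Temp"
:: Lists the directory recursively, sorts the paths longest-first, deletes each
:: one and reports how many deletions succeeded or failed.
:: Enumerated paths are passed with -LiteralPath so that names containing [ or ]
:: are not re-read as wildcard patterns.
:: NOTE(review): this runs elevated and deletes recursively inside a directory
:: that accounts other than the administrator may be able to write to. Junctions
:: and other reparse points are not checked before deletion; confirm how the
:: PowerShell version in use handles them, or skip entries that carry the
:: ReparsePoint attribute.
:: The whole PowerShell command has to stay on one physical line for cmd.exe.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%SYSTEMROOT%\Temp'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------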
 
 
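:: ----------------------------------------------------------
:: ---------------Clear temporary user folder----------------
:: ----------------------------------------------------------
echo --- Clear temporary user folder
:: Clear directory contents  : "%TEMP%"
:: cmd.exe substitutes the TEMP variable of the account running the script
:: before PowerShell starts. The command then lists that directory recursively,
:: sorts the paths longest-first, deletes each one and reports the totals.
:: Enumerated paths are passed with -LiteralPath so that names containing [ or ]
:: are not re-read as wildcard patterns.
:: Items that cannot be removed are counted as failed and shown as warnings.
:: The whole PowerShell command has to stay on one physical line for cmd.exe.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%TEMP%'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------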
 
 
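:: ----------------------------------------------------------
:: ------------------Clear prefetch folder-------------------
:: ----------------------------------------------------------
echo --- Clear prefetch folder
:: Clear directory contents  : "%SYSTEMROOT%\Prefetch"
:: Lists the directory recursively, sorts the paths longest-first, deletes each
:: one and reports how many deletions succeeded or failed.
:: Prefetch files are also an execution-history artifact that incident
:: responders rely on; Windows recreates them as programs are started again.
:: Enumerated paths are passed with -LiteralPath so that names containing [ or ]
:: are not re-read as wildcard patterns.
:: The whole PowerShell command has to stay on one physical line for cmd.exe.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%SYSTEMROOT%\Prefetch'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------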
 
 
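:: ----------------------------------------------------------
:: ------------------Clear thumbnail cache-------------------
:: ----------------------------------------------------------
echo --- Clear thumbnail cache
:: Delete files matching pattern: "%LOCALAPPDATA%\Microsoft\Windows\Explorer\*.db"
:: Resolves the pattern with Get-Item (no recursion), skips any match that is a
:: folder, deletes the remaining files and reports skipped, deleted and failed
:: counts. Files that cannot be removed, for example because another process
:: still has them open, end up in the failed count with a warning.
:: Enumerated paths are passed with -LiteralPath so that names containing [ or ]
:: are not re-read as wildcard patterns.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\Microsoft\Windows\Explorer\*.db"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------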
 
 
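:: ----------------------------------------------------------
:: -------------Clear diagnostics tracking logs--------------
:: ----------------------------------------------------------
echo --- Clear diagnostics tracking logs
:: Stop service: DiagTrack (with state file) (wait until stopped)
:: Exits with 0 without doing anything when the service is missing or not
:: running. Otherwise it stops the service with Stop-Service -Force, waits for
:: the Stopped status and then creates an empty marker file named
:: DiagTrack-GUID in the privacy.sexy\state folder under APPDATA. The matching
:: start step looks for files with that prefix to decide whether to restart the
:: service. If the marker cannot be created, a manual restart is requested.
:: The whole PowerShell command has to stay on one physical line for cmd.exe.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'DiagTrack'; Write-Host "^""Stopping service: `"^""$serviceName`"^""."^""; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if (!$service) { Write-Host "^""Skipping, service `"^""$serviceName`"^"" could not be found, no need to stop it."^""; exit 0; }; if ($service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""Skipping, `"^""$serviceName`"^"" is not running, no need to stop."^""; exit 0; }; Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { $service | Stop-Service -Force -ErrorAction Stop; $service.WaitForStatus([System.ServiceProcess.ServiceControllerStatus]::Stopped); } catch { throw "^""Failed to stop the service `"^""$serviceName`"^"": $_"^""; }; Write-Host "^""Successfully stopped the service: `"^""$serviceName`"^""."^""; function Get-StateFilePath($BaseName, $Suffix) { $escapedBaseName = $BaseName.Split([IO.Path]::GetInvalidFileNameChars()) -Join '_'; $uniqueFilename = $escapedBaseName, $Suffix -Join '-'; $path = [IO.Path]::Combine( $env:APPDATA, 'privacy.sexy', 'state', $uniqueFilename ); return $path; }; function Get-UniqueStateFilePath($BaseName) { $suffix = New-Guid; $path = Get-StateFilePath -BaseName $BaseName -Suffix $suffix; if (Test-Path -Path $path) { Write-Verbose "^""Path collision detected at: '$path'. Generating new path..."^""; return Get-UniqueStateFilePath $BaseName; }; return $path; }; function New-EmptyFile($Path) { $parentDirectory = [System.IO.Path]::GetDirectoryName($Path); if (-not (Test-Path $parentDirectory -PathType Container)) { try { New-Item -ItemType Directory -Path $parentDirectory -Force -ErrorAction Stop | Out-Null; }  catch { Write-Warning "^""Failed to create parent directory of file `"^""$parentDirectory`"^"": $_"^""; }; }; try { New-Item -ItemType File -Path $Path -Force -ErrorAction Stop | Out-Null; return $true; } catch { Write-Warning "^""Failed to create file `"^""$Path`"^"": $_"^""; return $false; }; }; $path = Get-UniqueStateFilePath $serviceName; if (New-EmptyFile $path) { Write-Host 'Service will restart automatically.'; } else { Write-Warning 'Manual restart required - please restart your computer.'; }"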
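:: Delete files matching pattern: "%PROGRAMDATA%\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl"
:: Three steps in one PowerShell command:
::   1. takeown /f PATH /a hands ownership to the Administrators group.
::   2. icacls PATH /grant ADMINS:F /t gives that group full control; the group
::      name is resolved from the well-known SID S-1-5-32-544. icacls exit code 3
::      is treated as nothing to delete and ends the command with exit code 0.
::   3. The file is resolved with Get-Item and deleted; folders are skipped.
:: The owner and ACL changes persist afterwards; nothing in this command
:: restores the previous owner or permissions.
:: Enumerated paths are passed with -LiteralPath so that names containing [ or ]
:: are not re-read as wildcard patterns.
:: The whole PowerShell command has to stay on one physical line for cmd.exe.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%PROGRAMDATA%\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; <# Not using `Get-Acl`/`Set-Acl` to avoid adjusting token privileges #>; $parentDirectory = [System.IO.Path]::GetDirectoryName($expandedPath); $fileName = [System.IO.Path]::GetFileName($expandedPath); if ($parentDirectory -like '*[*?]*') { throw "^""Unable to grant permissions to glob path parent directory: `"^""$parentDirectory`"^"", wildcards in parent directory are not supported by ``takeown`` and ``icacls``."^""; }; if (($fileName -ne '*') -and ($fileName -like '*[*?]*')) { throw "^""Unable to grant permissions to glob path file name: `"^""$fileName`"^"", wildcards in file name is not supported by ``takeown`` and ``icacls``."^""; }; Write-Host "^""Taking ownership of `"^""$expandedPath`"^""."^""; $cmdPath = $expandedPath; if ($cmdPath.EndsWith('\')) { $cmdPath += '\' <# Escape trailing backslash for correct handling in batch commands #>; }; $takeOwnershipCommand = "^""takeown /f `"^""$cmdPath`"^"" /a"^"" <# `icacls /setowner` does not succeed, so use `takeown` instead. #>; if (-not (Test-Path -Path "^""$expandedPath"^"" -PathType Leaf)) { $localizedYes = 'Y' <# Default 'Yes' flag (fallback) #>; try { $choiceOutput = cmd /c "^""choice <nul 2>nul"^""; if ($choiceOutput -and $choiceOutput.Length -ge 2) { $localizedYes = $choiceOutput[1]; } else { Write-Warning "^""Failed to determine localized 'Yes' character. Output: `"^""$choiceOutput`"^"""^""; }; } catch { Write-Warning "^""Failed to determine localized 'Yes' character. Error: $_"^""; }; $takeOwnershipCommand += "^"" /r /d $localizedYes"^""; }; $takeOwnershipOutput = cmd /c "^""$takeOwnershipCommand 2>&1"^"" <# `stderr` message is misleading, e.g. "^""ERROR: The system cannot find the file specified."^"" is not an error. #>; if ($LASTEXITCODE -eq 0) { Write-Host "^""Successfully took ownership of `"^""$expandedPath`"^"" (using ``$takeOwnershipCommand``)."^""; } else { Write-Host "^""Did not take ownership of `"^""$expandedPath`"^"" using ``$takeOwnershipCommand``, status code: $LASTEXITCODE, message: $takeOwnershipOutput."^""; <# Do not write as error or warning, because this can be due to missing path, it's handled in next command. #>; <# `takeown` exits with status code `1`, making it hard to handle missing path here. #>; }; Write-Host "^""Granting permissions for `"^""$expandedPath`"^""."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminAccountName = $adminAccount.Value; $grantPermissionsCommand = "^""icacls `"^""$cmdPath`"^"" /grant `"^""$($adminAccountName):F`"^"" /t"^""; $icaclsOutput = cmd /c "^""$grantPermissionsCommand"^""; if ($LASTEXITCODE -eq 3) { Write-Host "^""Skipping, no items available for deletion according to: ``$grantPermissionsCommand``."^""; exit 0; } elseif ($LASTEXITCODE -ne 0) { Write-Host "^""Take ownership message:`n$takeOwnershipOutput"^""; Write-Host "^""Grant permissions:`n$icaclsOutput"^""; Write-Warning "^""Failed to assign permissions for `"^""$expandedPath`"^"" using ``$grantPermissionsCommand``, status code: $LASTEXITCODE."^""; } else { $fileStats = $icaclsOutput | ForEach-Object { $_ -match '\d+' | Out-Null; $matches[0] } | Where-Object { $_ -ne $null } | ForEach-Object { [int]$_ }; if ($fileStats.Count -gt 0 -and ($fileStats | ForEach-Object { $_ -eq 0 } | Where-Object { $_ -eq $false }).Count -eq 0) { Write-Host "^""Skipping, no items available for deletion according to: ``$grantPermissionsCommand``."^""; exit 0; } else { Write-Host "^""Successfully granted permissions for `"^""$expandedPath`"^"" (using ``$grantPermissionsCommand``)."^""; }; }; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"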
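:: Delete files matching pattern: "%PROGRAMDATA%\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\AutoLogger-Diagtrack-Listener.etl"
:: Takes ownership of the file for the Administrators group (takeown /a), grants
:: that group full control (icacls /grant with the name resolved from SID
:: S-1-5-32-544), then resolves the path with Get-Item and deletes it. icacls
:: exit code 3 is treated as nothing to delete and ends the command with 0.
:: The owner and ACL changes persist afterwards; nothing in this command
:: restores the previous owner or permissions.
:: Enumerated paths are passed with -LiteralPath so that names containing [ or ]
:: are not re-read as wildcard patterns.
:: The whole PowerShell command has to stay on one physical line for cmd.exe.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%PROGRAMDATA%\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\AutoLogger-Diagtrack-Listener.etl"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; <# Not using `Get-Acl`/`Set-Acl` to avoid adjusting token privileges #>; $parentDirectory = [System.IO.Path]::GetDirectoryName($expandedPath); $fileName = [System.IO.Path]::GetFileName($expandedPath); if ($parentDirectory -like '*[*?]*') { throw "^""Unable to grant permissions to glob path parent directory: `"^""$parentDirectory`"^"", wildcards in parent directory are not supported by ``takeown`` and ``icacls``."^""; }; if (($fileName -ne '*') -and ($fileName -like '*[*?]*')) { throw "^""Unable to grant permissions to glob path file name: `"^""$fileName`"^"", wildcards in file name is not supported by ``takeown`` and ``icacls``."^""; }; Write-Host "^""Taking ownership of `"^""$expandedPath`"^""."^""; $cmdPath = $expandedPath; if ($cmdPath.EndsWith('\')) { $cmdPath += '\' <# Escape trailing backslash for correct handling in batch commands #>; }; $takeOwnershipCommand = "^""takeown /f `"^""$cmdPath`"^"" /a"^"" <# `icacls /setowner` does not succeed, so use `takeown` instead. #>; if (-not (Test-Path -Path "^""$expandedPath"^"" -PathType Leaf)) { $localizedYes = 'Y' <# Default 'Yes' flag (fallback) #>; try { $choiceOutput = cmd /c "^""choice <nul 2>nul"^""; if ($choiceOutput -and $choiceOutput.Length -ge 2) { $localizedYes = $choiceOutput[1]; } else { Write-Warning "^""Failed to determine localized 'Yes' character. Output: `"^""$choiceOutput`"^"""^""; }; } catch { Write-Warning "^""Failed to determine localized 'Yes' character. Error: $_"^""; }; $takeOwnershipCommand += "^"" /r /d $localizedYes"^""; }; $takeOwnershipOutput = cmd /c "^""$takeOwnershipCommand 2>&1"^"" <# `stderr` message is misleading, e.g. "^""ERROR: The system cannot find the file specified."^"" is not an error. #>; if ($LASTEXITCODE -eq 0) { Write-Host "^""Successfully took ownership of `"^""$expandedPath`"^"" (using ``$takeOwnershipCommand``)."^""; } else { Write-Host "^""Did not take ownership of `"^""$expandedPath`"^"" using ``$takeOwnershipCommand``, status code: $LASTEXITCODE, message: $takeOwnershipOutput."^""; <# Do not write as error or warning, because this can be due to missing path, it's handled in next command. #>; <# `takeown` exits with status code `1`, making it hard to handle missing path here. #>; }; Write-Host "^""Granting permissions for `"^""$expandedPath`"^""."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminAccountName = $adminAccount.Value; $grantPermissionsCommand = "^""icacls `"^""$cmdPath`"^"" /grant `"^""$($adminAccountName):F`"^"" /t"^""; $icaclsOutput = cmd /c "^""$grantPermissionsCommand"^""; if ($LASTEXITCODE -eq 3) { Write-Host "^""Skipping, no items available for deletion according to: ``$grantPermissionsCommand``."^""; exit 0; } elseif ($LASTEXITCODE -ne 0) { Write-Host "^""Take ownership message:`n$takeOwnershipOutput"^""; Write-Host "^""Grant permissions:`n$icaclsOutput"^""; Write-Warning "^""Failed to assign permissions for `"^""$expandedPath`"^"" using ``$grantPermissionsCommand``, status code: $LASTEXITCODE."^""; } else { $fileStats = $icaclsOutput | ForEach-Object { $_ -match '\d+' | Out-Null; $matches[0] } | Where-Object { $_ -ne $null } | ForEach-Object { [int]$_ }; if ($fileStats.Count -gt 0 -and ($fileStats | ForEach-Object { $_ -eq 0 } | Where-Object { $_ -eq $false }).Count -eq 0) { Write-Host "^""Skipping, no items available for deletion according to: ``$grantPermissionsCommand``."^""; exit 0; } else { Write-Host "^""Successfully granted permissions for `"^""$expandedPath`"^"" (using ``$grantPermissionsCommand``)."^""; }; }; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"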
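:: Start service: DiagTrack (if state requires)
:: Looks for marker files named DiagTrack-* in the privacy.sexy\state folder
:: under APPDATA and deletes the first one found. The service is started only
:: when exactly one marker existed, meaning this is the last step that needed
:: it stopped; with no marker or several markers the command exits with 0.
:: A missing service raises an error, a failed start exits with code 1.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'DiagTrack'; function Get-StateFilePath($BaseName, $Suffix) { $escapedBaseName = $BaseName.Split([IO.Path]::GetInvalidFileNameChars()) -Join '_'; $uniqueFilename = $escapedBaseName, $Suffix -Join '-'; $path = [IO.Path]::Combine( $env:APPDATA, 'privacy.sexy', 'state', $uniqueFilename ); return $path; }; $fileGlob = Get-StateFilePath -BaseName $serviceName -Suffix '*'; $files = Get-ChildItem -Path "^""$fileGlob"^""; if ($files.Count -gt 0) { $firstFilePath = $files[0].FullName; try { Remove-Item -Path $firstFilePath -Force -ErrorAction Stop; Write-Host 'The service is expected to be started.'; } catch { Write-Warning "^""Failed to delete the service state file `"^""$firstFilePath`"^"": $_"^""; }; }; if ($files.Count -ne 1) { <# Not the last file requiring restart #>; Write-Host 'Skipping starting the service: It was not running before.'; exit 0; }; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if (!$service) { throw "^""Failed to start service `"^""$serviceName`"^"": Service not found."^""; }; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""Skipping, `"^""$serviceName`"^"" is already running, no need to start."^""; exit 0; }; Write-Host "^""`"^""$serviceName`"^"" is not running, starting it."^""; try { $service | Start-Service -ErrorAction Stop; Write-Host "^""Successfully started the service: `"^""$serviceName`"^""."^""; } catch { Write-Warning "^""Failed to start the service: `"^""$serviceName`"^""."^""; exit 1; }"
:: ----------------------------------------------------------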
 
 
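:: ----------------------------------------------------------
:: -------Clear event logs in Event Viewer application-------
:: ----------------------------------------------------------
echo --- Clear event logs in Event Viewer application
:: Every log listed by "wevtutil el" is cleared, Security and System included,
:: so the local audit trail that incident response depends on is gone after
:: this section has run. Windows records log clearing itself as event 1102
:: (Security log) and event 104 (System log); copies forwarded to a central
:: collector before the run are not affected.
:: The "sl" call below first replaces the access descriptor of the LiveId
:: operational log: SYSTEM read (0x1), Builtin Administrators read and clear
:: (0x5), Local Administrator read (0x1). That descriptor stays in place after
:: the script ends.
REM https://social.technet.microsoft.com/Forums/en-US/f6788f7d-7d04-41f1-a64e-3af9f700e4bd/failed-to-clear-log-microsoftwindowsliveidoperational-access-is-denied?forum=win10itprogeneral
wevtutil sl Microsoft-Windows-LiveId/Operational /ca:O:BAG:SYD:(A;;0x1;;;SY)(A;;0x5;;;BA)(A;;0x1;;;LA)
:: The log name is the only positional argument given to "cl", so nothing from
:: the script's own command line reaches wevtutil.
for /f "tokens=*" %%i in ('wevtutil.exe el') DO (
    echo Deleting event log: "%%i"
    wevtutil.exe cl "%%i"
)
:: ----------------------------------------------------------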
 
 
:: ----------------------------------------------------------
972
:: ---------Clear Defender scan (protection) history---------
973
:: ----------------------------------------------------------
974
echo --- Clear Defender scan (protection) history
975
:: Clear directory contents (with additional permissions) : "%ProgramData%\Microsoft\Windows Defender\Scans\History"
976
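:: The command below works on "%ProgramData%\Microsoft\Windows Defender\Scans\History":
::   1. takeown /a hands ownership to the Administrators group, adding /r /d plus the
::      localized Yes letter read from choice when the target is not a single file.
::   2. icacls /grant gives the account behind SID S-1-5-32-544 full control, recursively.
::   3. Every item found under the directory is removed, longest paths first.
:: Review notes:
::   - The ownership and ACL changes are not reverted afterwards.
::   - The directory holds Microsoft Defender scan history, so clearing it removes
::     records an investigation may rely on; endpoint monitoring may treat takeown
::     or icacls against Defender folders as tampering.
::   - The whole command must stay on ONE physical line; a line break inside the quoted
::     argument makes cmd run the remainder as a separate command.
::   - -NoProfile keeps profile scripts from being loaded into this elevated session.
::   - The per-item calls use -LiteralPath: the items are resolved full paths, and with
::     -Path a name containing [ or ] is read as a wildcard, so the item would be logged
::     as already deleted while it stays on disk.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%ProgramData%\Microsoft\Windows Defender\Scans\History'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; <# Not using `Get-Acl`/`Set-Acl` to avoid adjusting token privileges #>; $parentDirectory = [System.IO.Path]::GetDirectoryName($expandedPath); $fileName = [System.IO.Path]::GetFileName($expandedPath); if ($parentDirectory -like '*[*?]*') { throw "^""Unable to grant permissions to glob path parent directory: `"^""$parentDirectory`"^"", wildcards in parent directory are not supported by ``takeown`` and ``icacls``."^""; }; if (($fileName -ne '*') -and ($fileName -like '*[*?]*')) { throw "^""Unable to grant permissions to glob path file name: `"^""$fileName`"^"", wildcards in file name is not supported by ``takeown`` and ``icacls``."^""; }; Write-Host "^""Taking ownership of `"^""$expandedPath`"^""."^""; $cmdPath = $expandedPath; if ($cmdPath.EndsWith('\')) { $cmdPath += '\' <# Escape trailing backslash for correct handling in batch commands #>; }; $takeOwnershipCommand = "^""takeown /f `"^""$cmdPath`"^"" /a"^"" <# `icacls /setowner` does not succeed, so use `takeown` instead. #>; if (-not (Test-Path -Path "^""$expandedPath"^"" -PathType Leaf)) { $localizedYes = 'Y' <# Default 'Yes' flag (fallback) #>; try { $choiceOutput = cmd /c "^""choice <nul 2>nul"^""; if ($choiceOutput -and $choiceOutput.Length -ge 2) { $localizedYes = $choiceOutput[1]; } else { Write-Warning "^""Failed to determine localized 'Yes' character. Output: `"^""$choiceOutput`"^"""^""; }; } catch { Write-Warning "^""Failed to determine localized 'Yes' character. Error: $_"^""; }; $takeOwnershipCommand += "^"" /r /d $localizedYes"^""; }; $takeOwnershipOutput = cmd /c "^""$takeOwnershipCommand 2>&1"^"" <# `stderr` message is misleading, e.g. "^""ERROR: The system cannot find the file specified."^"" is not an error. #>; if ($LASTEXITCODE -eq 0) { Write-Host "^""Successfully took ownership of `"^""$expandedPath`"^"" (using ``$takeOwnershipCommand``)."^""; } else { Write-Host "^""Did not take ownership of `"^""$expandedPath`"^"" using ``$takeOwnershipCommand``, status code: $LASTEXITCODE, message: $takeOwnershipOutput."^""; <# Do not write as error or warning, because this can be due to missing path, it's handled in next command. #>; <# `takeown` exits with status code `1`, making it hard to handle missing path here. #>; }; Write-Host "^""Granting permissions for `"^""$expandedPath`"^""."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminAccountName = $adminAccount.Value; $grantPermissionsCommand = "^""icacls `"^""$cmdPath`"^"" /grant `"^""$($adminAccountName):F`"^"" /t"^""; $icaclsOutput = cmd /c "^""$grantPermissionsCommand"^""; if ($LASTEXITCODE -eq 3) { Write-Host "^""Skipping, no items available for deletion according to: ``$grantPermissionsCommand``."^""; exit 0; } elseif ($LASTEXITCODE -ne 0) { Write-Host "^""Take ownership message:`n$takeOwnershipOutput"^""; Write-Host "^""Grant permissions:`n$icaclsOutput"^""; Write-Warning "^""Failed to assign permissions for `"^""$expandedPath`"^"" using ``$grantPermissionsCommand``, status code: $LASTEXITCODE."^""; } else { $fileStats = $icaclsOutput | ForEach-Object { $_ -match '\d+' | Out-Null; $matches[0] } | Where-Object { $_ -ne $null } | ForEach-Object { [int]$_ }; if ($fileStats.Count -gt 0 -and ($fileStats | ForEach-Object { $_ -eq 0 } | Where-Object { $_ -eq $false }).Count -eq 0) { Write-Host "^""Skipping, no items available for deletion according to: ``$grantPermissionsCommand``."^""; exit 0; } else { Write-Host "^""Successfully granted permissions for `"^""$expandedPath`"^"" (using ``$grantPermissionsCommand``)."^""; }; }; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"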
:: ----------------------------------------------------------
 
 
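:: ----------------------------------------------------------
:: -------------Clear Quick Access recent files--------------
:: ----------------------------------------------------------
echo --- Clear Quick Access recent files
:: Clear directory contents  : "%APPDATA%\Microsoft\Windows\Recent\AutomaticDestinations"
:: Steps: append "\*" to the directory, expand environment variables, collect every
:: match (recursive listing plus the glob itself), sort longest path first so children
:: precede their parents, then delete each item and print deleted and failed counts.
:: Deletion is permanent: Remove-Item does not use the Recycle Bin.
:: NOTE(review): cmd expands %APPDATA% before PowerShell starts, so the value lands
:: inside a single-quoted PowerShell string; a profile path containing an apostrophe
:: would end that string early. Confirm this cannot happen on the target machine.
:: The command must stay on ONE physical line; a break inside the quoted argument
:: makes cmd run the remainder as a separate command.
:: -NoProfile keeps profile scripts from being loaded into this elevated session.
:: -LiteralPath on the per-item calls: the items are resolved full paths, and with
:: -Path a name containing [ or ] is read as a wildcard, so the item would be logged
:: as already deleted while it stays on disk.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%APPDATA%\Microsoft\Windows\Recent\AutomaticDestinations'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------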
 
 
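:: ----------------------------------------------------------
:: -------------Clear Quick Access pinned items--------------
:: ----------------------------------------------------------
echo --- Clear Quick Access pinned items
:: Clear directory contents  : "%APPDATA%\Microsoft\Windows\Recent\CustomDestinations"
:: Steps: append "\*" to the directory, expand environment variables, collect every
:: match, sort longest path first, delete each item, print deleted and failed counts.
:: A missing directory is not an error: the not-found exception is swallowed and the
:: command prints "Skipping, no items available." and exits 0.
:: NOTE(review): this script relaunches itself elevated near its top, so %APPDATA% is
:: resolved for the account the elevated process runs as. If elevation used a different
:: administrator account, that account's folder is cleared, not the signed-in user's.
:: The command must stay on ONE physical line; a break inside the quoted argument
:: makes cmd run the remainder as a separate command.
:: -NoProfile keeps profile scripts from being loaded into this elevated session.
:: -LiteralPath on the per-item calls: the items are resolved full paths, and with
:: -Path a name containing [ or ] is read as a wildcard, so the item would be logged
:: as already deleted while it stays on disk.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%APPDATA%\Microsoft\Windows\Recent\CustomDestinations'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------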
 
 
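:: ----------------------------------------------------------
:: ---------Clear Windows Registry last-accessed key---------
:: ----------------------------------------------------------
echo --- Clear Windows Registry last-accessed key
:: Delete the registry value "LastKey" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit"
:: Steps: turn the "HKCU\..." name into a provider path by adding a colon after the hive,
:: exit 0 when the key or the value does not exist, then remove the value. A value name
:: of "(default)" is removed through OpenSubKey and DeleteValue instead of
:: Remove-ItemProperty.
:: On failure the catch block only writes an error; it sets no explicit exit code.
:: NOTE(review): HKCU belongs to the account the elevated process runs as. If elevation
:: used a different administrator account, the signed-in user's value is left in place.
:: -NoProfile keeps profile scripts from being loaded into this elevated session.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit'; $valueName = 'LastKey'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------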
 
 
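:: ----------------------------------------------------------
:: --------Clear Windows Registry favorite locations---------
:: ----------------------------------------------------------
echo --- Clear Windows Registry favorite locations
:: Clear registry values from "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites"
:: Steps: Clear-RegistryKeyValues adds a colon after the hive name to form a provider
:: path, returns early when the key is missing, and otherwise removes each value listed
:: in the key's Property collection one by one.
:: Only values directly on this key are removed: the function is called once, on the
:: root key, and does not visit subkeys.
:: Any failure is written as an error and ends the PowerShell process with exit code 1.
:: -NoProfile keeps profile scripts from being loaded into this elevated session.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: ----------------------------------------------------------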
 
 
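:: ----------------------------------------------------------
:: ------------Clear privacy.sexy script history-------------
:: ----------------------------------------------------------
echo --- Clear privacy.sexy script history
:: Clear directory contents  : "%APPDATA%\privacy.sexy\runs"
:: Steps: append "\*" to the directory, expand environment variables, collect every
:: match, sort longest path first, delete each item, print deleted and failed counts.
:: Deletion is permanent: Remove-Item does not use the Recycle Bin.
:: NOTE(review): presumably this folder keeps copies of scripts run earlier - verify.
:: Once cleared, there is no local copy left to check what a previous run changed.
:: The command must stay on ONE physical line; a break inside the quoted argument
:: makes cmd run the remainder as a separate command.
:: -NoProfile keeps profile scripts from being loaded into this elevated session.
:: -LiteralPath on the per-item calls: the items are resolved full paths, and with
:: -Path a name containing [ or ] is read as a wildcard, so the item would be logged
:: as already deleted while it stays on disk.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%APPDATA%\privacy.sexy\runs'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------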
 
 
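:: ----------------------------------------------------------
:: -------------Clear privacy.sexy activity logs-------------
:: ----------------------------------------------------------
echo --- Clear privacy.sexy activity logs
:: Clear directory contents  : "%APPDATA%\privacy.sexy\logs"
:: Steps: append "\*" to the directory, expand environment variables, collect every
:: match, sort longest path first, delete each item, print deleted and failed counts.
:: Deletion is permanent: Remove-Item does not use the Recycle Bin.
:: After this step the tool's own logs are gone; keep the console output of this run
:: if a record of what was changed on the machine is needed later.
:: The command must stay on ONE physical line; a break inside the quoted argument
:: makes cmd run the remainder as a separate command.
:: -NoProfile keeps profile scripts from being loaded into this elevated session.
:: -LiteralPath on the per-item calls: the items are resolved full paths, and with
:: -Path a name containing [ or ] is read as a wildcard, so the item would be logged
:: as already deleted while it stays on disk.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%APPDATA%\privacy.sexy\logs'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------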
 
 
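:: ----------------------------------------------------------
:: --------------------Clear Steam dumps---------------------
:: ----------------------------------------------------------
echo --- Clear Steam dumps
:: Clear directory contents  : "%PROGRAMFILES(X86)%\Steam\Dumps"
:: Steps: append "\*" to the directory, expand environment variables, collect every
:: match, sort longest path first, delete each item, print deleted and failed counts.
:: Only the path under %PROGRAMFILES(X86)% is covered; a Steam installation in another
:: location is not touched.
:: NOTE(review): this runs elevated and deletes recursively. If non-admin users can
:: write to the Steam folder, confirm how the PowerShell version in use treats junctions
:: or symbolic links found there, and consider skipping reparse points.
:: The command must stay on ONE physical line; a break inside the quoted argument
:: makes cmd run the remainder as a separate command.
:: -NoProfile keeps profile scripts from being loaded into this elevated session.
:: -LiteralPath on the per-item calls: the items are resolved full paths, and with
:: -Path a name containing [ or ] is read as a wildcard, so the item would be logged
:: as already deleted while it stays on disk.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%PROGRAMFILES(X86)%\Steam\Dumps'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------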
 
 
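:: ----------------------------------------------------------
:: --------------------Clear Steam traces--------------------
:: ----------------------------------------------------------
echo --- Clear Steam traces
:: Clear directory contents  : "%PROGRAMFILES(X86)%\Steam\Traces"
:: Steps: append "\*" to the directory, expand environment variables, collect every
:: match, sort longest path first, delete each item, print deleted and failed counts.
:: Items that fail to delete are counted and reported with a warning; the loop goes on
:: with the remaining items.
:: NOTE(review): cmd expands %PROGRAMFILES(X86)% before PowerShell starts, so the
:: ExpandEnvironmentVariables call normally receives an already expanded path.
:: The command must stay on ONE physical line; a break inside the quoted argument
:: makes cmd run the remainder as a separate command.
:: -NoProfile keeps profile scripts from being loaded into this elevated session.
:: -LiteralPath on the per-item calls: the items are resolved full paths, and with
:: -Path a name containing [ or ] is read as a wildcard, so the item would be logged
:: as already deleted while it stays on disk.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%PROGRAMFILES(X86)%\Steam\Traces'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------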
 
 
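:: ----------------------------------------------------------
:: --------------------Clear Steam cache---------------------
:: ----------------------------------------------------------
echo --- Clear Steam cache
:: Clear directory contents  : "%ProgramFiles(x86)%\Steam\appcache"
:: Steps: append "\*" to the directory, expand environment variables, collect every
:: match, sort longest path first, delete each item, print deleted and failed counts.
:: The directory itself is kept; only what the "\*" glob and the recursive listing
:: return is removed.
:: NOTE(review): files held open by a running Steam client would presumably fail to
:: delete and show up in the failed count - confirm Steam is closed before running.
:: The command must stay on ONE physical line; a break inside the quoted argument
:: makes cmd run the remainder as a separate command.
:: -NoProfile keeps profile scripts from being loaded into this elevated session.
:: -LiteralPath on the per-item calls: the items are resolved full paths, and with
:: -Path a name containing [ or ] is read as a wildcard, so the item would be logged
:: as already deleted while it stays on disk.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%ProgramFiles(x86)%\Steam\appcache'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------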
 
 
:: ----------------------------------------------------------
1062
:: -----Clear offline Visual Studio usage telemetry data-----
1063
:: ----------------------------------------------------------
1064
echo --- Clear offline Visual Studio usage telemetry data
1065
:: Clear directory contents  : "%LOCALAPPDATA%\Microsoft\VSCommon\14.0\SQM"
1066
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Microsoft\VSCommon\14.0\SQM'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). 
#>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
1067
:: Clear directory contents  : "%LOCALAPPDATA%\Microsoft\VSCommon\15.0\SQM"
1068
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Microsoft\VSCommon\15.0\SQM'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). 
#>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
1069
:: Clear directory contents  : "%LOCALAPPDATA%\Microsoft\VSCommon\16.0\SQM"
1070
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Microsoft\VSCommon\16.0\SQM'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). 
#>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
1071
:: Clear directory contents  : "%LOCALAPPDATA%\Microsoft\VSCommon\17.0\SQM"
1072
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Microsoft\VSCommon\17.0\SQM'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). 
#>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------
 
 
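:: ----------------------------------------------------------
:: ------Clear Visual Studio Application Insights logs-------
:: ----------------------------------------------------------
echo --- Clear Visual Studio Application Insights logs
:: Each PowerShell command below empties one directory: it lists every item under
:: it, deletes them longest path first (children before their parent directory)
:: and prints how many deletions succeeded or failed. Failures are only printed as
:: warnings and the batch script does not check the result, so review the output.
:: - The doubled percent signs pass the variable name through cmd unexpanded, and
::   ExpandEnvironmentVariables resolves it inside PowerShell. Expanding it in cmd
::   would paste the value into a single-quoted PowerShell string, where a quote
::   character in the value ends the string early and an unset variable leaves a
::   path that starts at the drive root.
:: - -NoProfile keeps PowerShell profile scripts, which the user account can
::   edit, from loading into this elevated session.
:: - -LiteralPath keeps square brackets in item names from being read as
::   wildcards; with -Path such items could be reported as already deleted.
:: NOTE(review): LOCALAPPDATA and TEMP are per-user; if elevation switched to a
:: different account they resolve to that account's profile - confirm the target.
:: Clear directory contents  : "%LOCALAPPDATA%\Microsoft\VSApplicationInsights"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%%LOCALAPPDATA%%\Microsoft\VSApplicationInsights'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Clear directory contents  : "%PROGRAMDATA%\Microsoft\VSApplicationInsights"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%%PROGRAMDATA%%\Microsoft\VSApplicationInsights'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Clear directory contents  : "%TEMP%\Microsoft\VSApplicationInsights"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%%TEMP%%\Microsoft\VSApplicationInsights'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------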
 
 
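:: ----------------------------------------------------------
:: ------------Clear Visual Studio telemetry data------------
:: ----------------------------------------------------------
echo --- Clear Visual Studio telemetry data
:: Each PowerShell command below empties one directory: it lists every item under
:: it, deletes them longest path first (children before their parent directory)
:: and prints how many deletions succeeded or failed. Failures are only printed as
:: warnings and the batch script does not check the result, so review the output.
:: - The doubled percent signs pass the variable name through cmd unexpanded, and
::   ExpandEnvironmentVariables resolves it inside PowerShell. Expanding it in cmd
::   would paste the value into a single-quoted PowerShell string, where a quote
::   character in the value ends the string early and an unset variable leaves a
::   path that starts at the drive root.
:: - -NoProfile keeps PowerShell profile scripts, which the user account can
::   edit, from loading into this elevated session.
:: - -LiteralPath keeps square brackets in item names from being read as
::   wildcards; with -Path such items could be reported as already deleted.
:: NOTE(review): APPDATA is per-user; if elevation switched to a different
:: account it resolves to that account's profile - confirm the target.
:: Clear directory contents  : "%APPDATA%\vstelemetry"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%%APPDATA%%\vstelemetry'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Clear directory contents  : "%PROGRAMDATA%\vstelemetry"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%%PROGRAMDATA%%\vstelemetry'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------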
 
 
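:: ----------------------------------------------------------
:: ---Clear Visual Studio temporary telemetry and log data---
:: ----------------------------------------------------------
echo --- Clear Visual Studio temporary telemetry and log data
:: Each PowerShell command below empties one directory: it lists every item under
:: it, deletes them longest path first (children before their parent directory)
:: and prints how many deletions succeeded or failed. Failures are only printed as
:: warnings and the batch script does not check the result, so review the output.
:: - The doubled percent signs pass the variable name through cmd unexpanded, and
::   ExpandEnvironmentVariables resolves it inside PowerShell. Expanding it in cmd
::   would paste the value into a single-quoted PowerShell string, where a quote
::   character in the value ends the string early and an unset variable leaves a
::   path that starts at the drive root.
:: - -NoProfile keeps PowerShell profile scripts, which the user account can
::   edit, from loading into this elevated session.
:: - -LiteralPath keeps square brackets in item names from being read as
::   wildcards; with -Path such items could be reported as already deleted.
:: NOTE(review): TEMP is per-user; if elevation switched to a different account
:: it resolves to that account's profile - confirm the target.
:: Clear directory contents  : "%TEMP%\VSFaultInfo"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%%TEMP%%\VSFaultInfo'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Clear directory contents  : "%TEMP%\VSFeedbackPerfWatsonData"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%%TEMP%%\VSFeedbackPerfWatsonData'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Clear directory contents  : "%TEMP%\VSFeedbackVSRTCLogs"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%%TEMP%%\VSFeedbackVSRTCLogs'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Clear directory contents  : "%TEMP%\VSFeedbackIntelliCodeLogs"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%%TEMP%%\VSFeedbackIntelliCodeLogs'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Clear directory contents  : "%TEMP%\VSRemoteControl"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%%TEMP%%\VSRemoteControl'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Clear directory contents  : "%TEMP%\Microsoft\VSFeedbackCollector"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%%TEMP%%\Microsoft\VSFeedbackCollector'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Clear directory contents  : "%TEMP%\VSTelem"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%%TEMP%%\VSTelem'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Clear directory contents  : "%TEMP%\VSTelem.Out"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%%TEMP%%\VSTelem.Out'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------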
 
 
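:: ----------------------------------------------------------
:: -------------Clear Visual Studio 2010 license-------------
:: ----------------------------------------------------------
echo --- Clear Visual Studio 2010 license
:: The PowerShell command below rewrites the key path into registry-drive form
:: (HKLM:\SOFTWARE\...), exits early when the key does not exist, and otherwise
:: removes the key. A failure is reported through Write-Error only; the batch
:: script does not check the result, so review the output.
:: -NoProfile keeps PowerShell profile scripts, which the user account can edit,
:: from loading into this elevated session.
:: NOTE(review): the key is removed without a backup copy - confirm that is intended.
:: NOTE(review): Remove-Item runs without -Recurse; if the key has subkeys
:: PowerShell may ask for confirmation - verify on a machine that has the key.
:: Remove Visual Studio license for product 77550D6B-6352-4E77-9DA3-537419DF564B
:: Remove the registry key "HKLM\SOFTWARE\Classes\Licenses\77550D6B-6352-4E77-9DA3-537419DF564B"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Classes\Licenses\77550D6B-6352-4E77-9DA3-537419DF564B'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------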
 
 
:: ----------------------------------------------------------
1134
:: -------------Clear Visual Studio 2013 license-------------
1135
:: ----------------------------------------------------------
1136
echo --- Clear Visual Studio 2013 license
1137
:: Remove Visual Studio license for product E79B3F9C-6543-4897-BBA5-5BFB0A02BB5C
1138
:: Remove the registry key "HKLM\SOFTWARE\Classes\Licenses\E79B3F9C-6543-4897-BBA5-5BFB0A02BB5C" 
1139
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Classes\Licenses\E79B3F9C-6543-4897-BBA5-5BFB0A02BB5C'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Clear Visual Studio 2015 license-------------
:: ----------------------------------------------------------
echo --- Clear Visual Studio 2015 license
:: Remove Visual Studio license for product 4D8CFBCB-2F6A-4AD2-BABF-10E28F6F2C8F
:: Remove the registry key "HKLM\SOFTWARE\Classes\Licenses\4D8CFBCB-2F6A-4AD2-BABF-10E28F6F2C8F" 
:: Runs in a separate PowerShell process: rewrites the key path to the registry
:: provider form (HKLM:\...), exits 0 with a "Skipping" message when Test-Path
:: finds no such key, otherwise calls Remove-Item -Force and reports a failure
:: through Write-Error. No export or backup of the key is made first.
:: NOTE(review): Remove-Item is called without -Recurse; if this key has
:: subkeys, PowerShell may ask for confirmation instead of deleting. Confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Classes\Licenses\4D8CFBCB-2F6A-4AD2-BABF-10E28F6F2C8F'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Clear Visual Studio 2017 license-------------
:: ----------------------------------------------------------
echo --- Clear Visual Studio 2017 license
:: Remove Visual Studio license for product 5C505A59-E312-4B89-9508-E162F8150517
:: Remove the registry key "HKLM\SOFTWARE\Classes\Licenses\5C505A59-E312-4B89-9508-E162F8150517" 
:: Runs in a separate PowerShell process: rewrites the key path to the registry
:: provider form (HKLM:\...), exits 0 with a "Skipping" message when Test-Path
:: finds no such key, otherwise calls Remove-Item -Force and reports a failure
:: through Write-Error. No export or backup of the key is made first.
:: NOTE(review): Remove-Item is called without -Recurse; if this key has
:: subkeys, PowerShell may ask for confirmation instead of deleting. Confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Classes\Licenses\5C505A59-E312-4B89-9508-E162F8150517'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Clear Visual Studio 2019 license-------------
:: ----------------------------------------------------------
echo --- Clear Visual Studio 2019 license
:: Remove Visual Studio license for product 41717607-F34E-432C-A138-A3CFD7E25CDA
:: Remove the registry key "HKLM\SOFTWARE\Classes\Licenses\41717607-F34E-432C-A138-A3CFD7E25CDA" 
:: Runs in a separate PowerShell process: rewrites the key path to the registry
:: provider form (HKLM:\...), exits 0 with a "Skipping" message when Test-Path
:: finds no such key, otherwise calls Remove-Item -Force and reports a failure
:: through Write-Error. No export or backup of the key is made first.
:: NOTE(review): Remove-Item is called without -Recurse; if this key has
:: subkeys, PowerShell may ask for confirmation instead of deleting. Confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Classes\Licenses\41717607-F34E-432C-A138-A3CFD7E25CDA'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Clear Visual Studio 2022 license-------------
:: ----------------------------------------------------------
echo --- Clear Visual Studio 2022 license
:: Remove Visual Studio license for product B16F0CF0-8AD1-4A5B-87BC-CB0DBE9C48FC
:: Remove the registry key "HKLM\SOFTWARE\Classes\Licenses\B16F0CF0-8AD1-4A5B-87BC-CB0DBE9C48FC" 
:: Runs in a separate PowerShell process: rewrites the key path to the registry
:: provider form (HKLM:\...), exits 0 with a "Skipping" message when Test-Path
:: finds no such key, otherwise calls Remove-Item -Force and reports a failure
:: through Write-Error. No export or backup of the key is made first.
:: NOTE(review): Remove-Item is called without -Recurse; if this key has
:: subkeys, PowerShell may ask for confirmation instead of deleting. Confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Classes\Licenses\B16F0CF0-8AD1-4A5B-87BC-CB0DBE9C48FC'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Remove Visual Studio license for product 10D17DBA-761D-4CD8-A627-984E75A58700
:: Remove the registry key "HKLM\SOFTWARE\Classes\Licenses\10D17DBA-761D-4CD8-A627-984E75A58700" 
:: Runs in a separate PowerShell process: rewrites the key path to the registry
:: provider form (HKLM:\...), exits 0 with a "Skipping" message when Test-Path
:: finds no such key, otherwise calls Remove-Item -Force and reports a failure
:: through Write-Error. No export or backup of the key is made first.
:: NOTE(review): Remove-Item is called without -Recurse; if this key has
:: subkeys, PowerShell may ask for confirmation instead of deleting. Confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Classes\Licenses\10D17DBA-761D-4CD8-A627-984E75A58700'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Remove Visual Studio license for product 1299B4B9-DFCC-476D-98F0-F65A2B46C96D
:: Remove the registry key "HKLM\SOFTWARE\Classes\Licenses\1299B4B9-DFCC-476D-98F0-F65A2B46C96D" 
:: Runs in a separate PowerShell process: rewrites the key path to the registry
:: provider form (HKLM:\...), exits 0 with a "Skipping" message when Test-Path
:: finds no such key, otherwise calls Remove-Item -Force and reports a failure
:: through Write-Error. No export or backup of the key is made first.
:: NOTE(review): Remove-Item is called without -Recurse; if this key has
:: subkeys, PowerShell may ask for confirmation instead of deleting. Confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Classes\Licenses\1299B4B9-DFCC-476D-98F0-F65A2B46C96D'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------
 
 
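:: ----------------------------------------------------------
:: --------------Clear Internet Explorer cache---------------
:: ----------------------------------------------------------
echo --- Clear Internet Explorer cache
:: Each command below runs in its own PowerShell process: it appends \* to the
:: directory, lists the matching items recursively (longest path string first)
:: and deletes them one by one. When nothing is found it prints "Skipping" and
:: exits 0; a failed deletion is counted and reported as a warning only.
:: The per-item Test-Path and Remove-Item calls use -LiteralPath because the
:: paths are exact names returned by Get-ChildItem. With -Path, a name that
:: contains [ or ] is read as a wildcard pattern, so such a file could be
:: reported as "already deleted" while it is still on disk.
:: NOTE(review): cmd.exe expands the percent variable before PowerShell starts
:: and the value lands inside a single-quoted PowerShell string; a profile path
:: containing an apostrophe would presumably end that string early. Confirm.
:: Clear directory contents  : "%LOCALAPPDATA%\Microsoft\Windows\INetCache\IE"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Microsoft\Windows\INetCache\IE'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Clear directory contents  : "%LOCALAPPDATA%\Microsoft\Windows\WebCache"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Microsoft\Windows\WebCache'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------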
 
 
:: ----------------------------------------------------------
:: ------------Clear Internet Explorer typed URLs------------
:: ----------------------------------------------------------
echo --- Clear Internet Explorer typed URLs
:: Clear registry values from "HKCU\SOFTWARE\Microsoft\Internet Explorer\TypedURLs" 
:: Runs in a separate PowerShell process: defines Clear-RegistryKeyValues, which
:: rewrites the key path to provider form (HKCU:\...), returns early when the
:: key does not exist or has no values, and otherwise removes each value listed
:: directly on the key with Remove-ItemProperty. The key itself is kept and the
:: code does not visit subkeys. Any error is written with Write-Error and ends
:: the PowerShell process with exit code 1.
PowerShell -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\SOFTWARE\Microsoft\Internet Explorer\TypedURLs'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: Clear registry values from "HKCU\SOFTWARE\Microsoft\Internet Explorer\TypedURLsTime" 
:: Runs in a separate PowerShell process: defines Clear-RegistryKeyValues, which
:: rewrites the key path to provider form (HKCU:\...), returns early when the
:: key does not exist or has no values, and otherwise removes each value listed
:: directly on the key with Remove-ItemProperty. The key itself is kept and the
:: code does not visit subkeys. Any error is written with Write-Error and ends
:: the PowerShell process with exit code 1.
PowerShell -ExecutionPolicy Unrestricted -Command "$rootRegistryKeyPath = 'HKCU\SOFTWARE\Microsoft\Internet Explorer\TypedURLsTime'; function Clear-RegistryKeyValues { try { $currentRegistryKeyPath = $args[0]; Write-Output "^""Clearing registry values from `"^""$currentRegistryKeyPath`"^""."^""; $formattedRegistryKeyPath = $currentRegistryKeyPath -replace '^([^\\]+)', '$1:'; if (-Not (Test-Path -LiteralPath $formattedRegistryKeyPath)) { Write-Output "^""Skipping: Registry key not found: `"^""$formattedRegistryKeyPath`"^""."^""; return; }; $directValueNames=(Get-Item -LiteralPath $formattedRegistryKeyPath -ErrorAction Stop | Select-Object -ExpandProperty Property); if (-Not $directValueNames) { Write-Output 'Skipping: Registry key has no direct values.'; } else { foreach ($valueName in $directValueNames) { Remove-ItemProperty -LiteralPath $formattedRegistryKeyPath -Name $valueName -ErrorAction Stop; Write-Output "^""Successfully deleted value: `"^""$valueName`"^"" from `"^""$formattedRegistryKeyPath`"^""."^""; }; Write-Output "^""Successfully cleared all direct values in `"^""$formattedRegistryKeyPath`"^""."^""; }; } catch { Write-Error "^""Failed to clear registry values in `"^""$formattedRegistryKeyPath`"^"". Error: $_"^""; Exit 1; }; }; Clear-RegistryKeyValues $rootRegistryKeyPath"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
1212
:: -----Clear "Temporary Internet Files" (browser cache)-----
1213
:: ----------------------------------------------------------
1214
echo --- Clear "Temporary Internet Files" (browser cache)
1215
:: Clear directory contents (with additional permissions) : "%USERPROFILE%\Local Settings\Temporary Internet Files"
1216
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%USERPROFILE%\Local Settings\Temporary Internet Files'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; <# Not using `Get-Acl`/`Set-Acl` to avoid adjusting token privileges #>; $parentDirectory = [System.IO.Path]::GetDirectoryName($expandedPath); $fileName = [System.IO.Path]::GetFileName($expandedPath); if ($parentDirectory -like '*[*?]*') { throw "^""Unable to grant permissions to glob path parent directory: `"^""$parentDirectory`"^"", wildcards in parent directory are not supported by ``takeown`` and ``icacls``."^""; }; if (($fileName -ne '*') -and ($fileName -like '*[*?]*')) { throw "^""Unable to grant permissions to glob path file name: `"^""$fileName`"^"", wildcards in file name is not supported by ``takeown`` and ``icacls``."^""; }; Write-Host "^""Taking ownership of `"^""$expandedPath`"^""."^""; $cmdPath = $expandedPath; if ($cmdPath.EndsWith('\')) { $cmdPath += '\' <# Escape trailing backslash for correct handling in batch commands #>; }; $takeOwnershipCommand = "^""takeown /f `"^""$cmdPath`"^"" /a"^"" <# `icacls /setowner` does not succeed, so use `takeown` instead. #>; if (-not (Test-Path -Path "^""$expandedPath"^"" -PathType Leaf)) { $localizedYes = 'Y' <# Default 'Yes' flag (fallback) #>; try { $choiceOutput = cmd /c "^""choice <nul 2>nul"^""; if ($choiceOutput -and $choiceOutput.Length -ge 2) { $localizedYes = $choiceOutput[1]; } else { Write-Warning "^""Failed to determine localized 'Yes' character. Output: `"^""$choiceOutput`"^"""^""; }; } catch { Write-Warning "^""Failed to determine localized 'Yes' character. 
Error: $_"^""; }; $takeOwnershipCommand += "^"" /r /d $localizedYes"^""; }; $takeOwnershipOutput = cmd /c "^""$takeOwnershipCommand 2>&1"^"" <# `stderr` message is misleading, e.g. "^""ERROR: The system cannot find the file specified."^"" is not an error. #>; if ($LASTEXITCODE -eq 0) { Write-Host "^""Successfully took ownership of `"^""$expandedPath`"^"" (using ``$takeOwnershipCommand``)."^""; } else { Write-Host "^""Did not take ownership of `"^""$expandedPath`"^"" using ``$takeOwnershipCommand``, status code: $LASTEXITCODE, message: $takeOwnershipOutput."^""; <# Do not write as error or warning, because this can be due to missing path, it's handled in next command. #>; <# `takeown` exits with status code `1`, making it hard to handle missing path here. #>; }; Write-Host "^""Granting permissions for `"^""$expandedPath`"^""."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminAccountName = $adminAccount.Value; $grantPermissionsCommand = "^""icacls `"^""$cmdPath`"^"" /grant `"^""$($adminAccountName):F`"^"" /t"^""; $icaclsOutput = cmd /c "^""$grantPermissionsCommand"^""; if ($LASTEXITCODE -eq 3) { Write-Host "^""Skipping, no items available for deletion according to: ``$grantPermissionsCommand``."^""; exit 0; } elseif ($LASTEXITCODE -ne 0) { Write-Host "^""Take ownership message:`n$takeOwnershipOutput"^""; Write-Host "^""Grant permissions:`n$icaclsOutput"^""; Write-Warning "^""Failed to assign permissions for `"^""$expandedPath`"^"" using ``$grantPermissionsCommand``, status code: $LASTEXITCODE."^""; } else { $fileStats = $icaclsOutput | ForEach-Object { $_ -match '\d+' | Out-Null; $matches[0] } | Where-Object { $_ -ne $null } | ForEach-Object { [int]$_ }; if ($fileStats.Count -gt 0 -and ($fileStats | ForEach-Object { $_ -eq 0 } | Where-Object { $_ -eq $false }).Count -eq 0) { Write-Host "^""Skipping, no items available for deletion according to: 
``$grantPermissionsCommand``."^""; exit 0; } else { Write-Host "^""Successfully granted permissions for `"^""$expandedPath`"^"" (using ``$grantPermissionsCommand``)."^""; }; }; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
1217
:: Clear directory contents (with additional permissions) : "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files"
1218
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; <# Not using `Get-Acl`/`Set-Acl` to avoid adjusting token privileges #>; $parentDirectory = [System.IO.Path]::GetDirectoryName($expandedPath); $fileName = [System.IO.Path]::GetFileName($expandedPath); if ($parentDirectory -like '*[*?]*') { throw "^""Unable to grant permissions to glob path parent directory: `"^""$parentDirectory`"^"", wildcards in parent directory are not supported by ``takeown`` and ``icacls``."^""; }; if (($fileName -ne '*') -and ($fileName -like '*[*?]*')) { throw "^""Unable to grant permissions to glob path file name: `"^""$fileName`"^"", wildcards in file name is not supported by ``takeown`` and ``icacls``."^""; }; Write-Host "^""Taking ownership of `"^""$expandedPath`"^""."^""; $cmdPath = $expandedPath; if ($cmdPath.EndsWith('\')) { $cmdPath += '\' <# Escape trailing backslash for correct handling in batch commands #>; }; $takeOwnershipCommand = "^""takeown /f `"^""$cmdPath`"^"" /a"^"" <# `icacls /setowner` does not succeed, so use `takeown` instead. #>; if (-not (Test-Path -Path "^""$expandedPath"^"" -PathType Leaf)) { $localizedYes = 'Y' <# Default 'Yes' flag (fallback) #>; try { $choiceOutput = cmd /c "^""choice <nul 2>nul"^""; if ($choiceOutput -and $choiceOutput.Length -ge 2) { $localizedYes = $choiceOutput[1]; } else { Write-Warning "^""Failed to determine localized 'Yes' character. Output: `"^""$choiceOutput`"^"""^""; }; } catch { Write-Warning "^""Failed to determine localized 'Yes' character. 
Error: $_"^""; }; $takeOwnershipCommand += "^"" /r /d $localizedYes"^""; }; $takeOwnershipOutput = cmd /c "^""$takeOwnershipCommand 2>&1"^"" <# `stderr` message is misleading, e.g. "^""ERROR: The system cannot find the file specified."^"" is not an error. #>; if ($LASTEXITCODE -eq 0) { Write-Host "^""Successfully took ownership of `"^""$expandedPath`"^"" (using ``$takeOwnershipCommand``)."^""; } else { Write-Host "^""Did not take ownership of `"^""$expandedPath`"^"" using ``$takeOwnershipCommand``, status code: $LASTEXITCODE, message: $takeOwnershipOutput."^""; <# Do not write as error or warning, because this can be due to missing path, it's handled in next command. #>; <# `takeown` exits with status code `1`, making it hard to handle missing path here. #>; }; Write-Host "^""Granting permissions for `"^""$expandedPath`"^""."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminAccountName = $adminAccount.Value; $grantPermissionsCommand = "^""icacls `"^""$cmdPath`"^"" /grant `"^""$($adminAccountName):F`"^"" /t"^""; $icaclsOutput = cmd /c "^""$grantPermissionsCommand"^""; if ($LASTEXITCODE -eq 3) { Write-Host "^""Skipping, no items available for deletion according to: ``$grantPermissionsCommand``."^""; exit 0; } elseif ($LASTEXITCODE -ne 0) { Write-Host "^""Take ownership message:`n$takeOwnershipOutput"^""; Write-Host "^""Grant permissions:`n$icaclsOutput"^""; Write-Warning "^""Failed to assign permissions for `"^""$expandedPath`"^"" using ``$grantPermissionsCommand``, status code: $LASTEXITCODE."^""; } else { $fileStats = $icaclsOutput | ForEach-Object { $_ -match '\d+' | Out-Null; $matches[0] } | Where-Object { $_ -ne $null } | ForEach-Object { [int]$_ }; if ($fileStats.Count -gt 0 -and ($fileStats | ForEach-Object { $_ -eq 0 } | Where-Object { $_ -eq $false }).Count -eq 0) { Write-Host "^""Skipping, no items available for deletion according to: 
``$grantPermissionsCommand``."^""; exit 0; } else { Write-Host "^""Successfully granted permissions for `"^""$expandedPath`"^"" (using ``$grantPermissionsCommand``)."^""; }; }; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
1219
:: Clear directory contents  : "%LOCALAPPDATA%\Microsoft\Windows\INetCache"
1220
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Microsoft\Windows\INetCache'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). 
#>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
1221
:: Clear directory contents (with additional permissions) : "%LOCALAPPDATA%\Temporary Internet Files"
1222
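:: Takes ownership of the directory for the Administrators group (takeown /a), grants that
:: group (SID S-1-5-32-544) full control recursively (icacls /grant ... /t), then deletes the
:: contents. Nothing in this command restores the previous owner or ACL afterwards.
:: cmd.exe substitutes %LOCALAPPDATA% before PowerShell parses the text, so the target is the
:: profile of the account this elevated script runs as.
:: Found items are re-checked and removed with -LiteralPath: with -Path, a name containing
:: [ or ] is read back as a wildcard pattern, fails the existence check and is then reported
:: as "already deleted" while the file is still on disk.
:: -NoProfile keeps PowerShell profile scripts out of the elevated, policy-relaxed session.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Temporary Internet Files'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; <# Not using `Get-Acl`/`Set-Acl` to avoid adjusting token privileges #>; $parentDirectory = [System.IO.Path]::GetDirectoryName($expandedPath); $fileName = [System.IO.Path]::GetFileName($expandedPath); if ($parentDirectory -like '*[*?]*') { throw "^""Unable to grant permissions to glob path parent directory: `"^""$parentDirectory`"^"", wildcards in parent directory are not supported by ``takeown`` and ``icacls``."^""; }; if (($fileName -ne '*') -and ($fileName -like '*[*?]*')) { throw "^""Unable to grant permissions to glob path file name: `"^""$fileName`"^"", wildcards in file name is not supported by ``takeown`` and ``icacls``."^""; }; Write-Host "^""Taking ownership of `"^""$expandedPath`"^""."^""; $cmdPath = $expandedPath; if ($cmdPath.EndsWith('\')) { $cmdPath += '\' <# Escape trailing backslash for correct handling in batch commands #>; }; $takeOwnershipCommand = "^""takeown /f `"^""$cmdPath`"^"" /a"^"" <# `icacls /setowner` does not succeed, so use `takeown` instead. #>; if (-not (Test-Path -Path "^""$expandedPath"^"" -PathType Leaf)) { $localizedYes = 'Y' <# Default 'Yes' flag (fallback) #>; try { $choiceOutput = cmd /c "^""choice <nul 2>nul"^""; if ($choiceOutput -and $choiceOutput.Length -ge 2) { $localizedYes = $choiceOutput[1]; } else { Write-Warning "^""Failed to determine localized 'Yes' character. Output: `"^""$choiceOutput`"^"""^""; }; } catch { Write-Warning "^""Failed to determine localized 'Yes' character. Error: $_"^""; }; $takeOwnershipCommand += "^"" /r /d $localizedYes"^""; }; $takeOwnershipOutput = cmd /c "^""$takeOwnershipCommand 2>&1"^"" <# `stderr` message is misleading, e.g. "^""ERROR: The system cannot find the file specified."^"" is not an error. #>; if ($LASTEXITCODE -eq 0) { Write-Host "^""Successfully took ownership of `"^""$expandedPath`"^"" (using ``$takeOwnershipCommand``)."^""; } else { Write-Host "^""Did not take ownership of `"^""$expandedPath`"^"" using ``$takeOwnershipCommand``, status code: $LASTEXITCODE, message: $takeOwnershipOutput."^""; <# Do not write as error or warning, because this can be due to missing path, it's handled in next command. #>; <# `takeown` exits with status code `1`, making it hard to handle missing path here. #>; }; Write-Host "^""Granting permissions for `"^""$expandedPath`"^""."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminAccountName = $adminAccount.Value; $grantPermissionsCommand = "^""icacls `"^""$cmdPath`"^"" /grant `"^""$($adminAccountName):F`"^"" /t"^""; $icaclsOutput = cmd /c "^""$grantPermissionsCommand"^""; if ($LASTEXITCODE -eq 3) { Write-Host "^""Skipping, no items available for deletion according to: ``$grantPermissionsCommand``."^""; exit 0; } elseif ($LASTEXITCODE -ne 0) { Write-Host "^""Take ownership message:`n$takeOwnershipOutput"^""; Write-Host "^""Grant permissions:`n$icaclsOutput"^""; Write-Warning "^""Failed to assign permissions for `"^""$expandedPath`"^"" using ``$grantPermissionsCommand``, status code: $LASTEXITCODE."^""; } else { $fileStats = $icaclsOutput | ForEach-Object { $_ -match '\d+' | Out-Null; $matches[0] } | Where-Object { $_ -ne $null } | ForEach-Object { [int]$_ }; if ($fileStats.Count -gt 0 -and ($fileStats | ForEach-Object { $_ -eq 0 } | Where-Object { $_ -eq $false }).Count -eq 0) { Write-Host "^""Skipping, no items available for deletion according to: ``$grantPermissionsCommand``."^""; exit 0; } else { Write-Host "^""Successfully granted permissions for `"^""$expandedPath`"^"" (using ``$grantPermissionsCommand``)."^""; }; }; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"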
:: ----------------------------------------------------------
 
 
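:: ----------------------------------------------------------
:: -----------Clear Internet Explorer feeds cache------------
:: ----------------------------------------------------------
echo --- Clear Internet Explorer feeds cache
:: Clear directory contents  : "%LOCALAPPDATA%\Microsoft\Feeds Cache"
:: Lists the directory recursively and deletes each item, longest path first, counting
:: successes and failures. cmd.exe substitutes %LOCALAPPDATA% before PowerShell parses the
:: text, so the path belongs to the account this elevated script runs as, and the value
:: lands inside a single-quoted PowerShell literal (an apostrophe in it would end it early).
:: Items are re-checked and removed with -LiteralPath so that names containing [ or ] are
:: not treated as wildcard patterns and wrongly reported as "already deleted".
:: -NoProfile keeps PowerShell profile scripts out of the elevated session.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Microsoft\Feeds Cache'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------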
 
 
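:: ----------------------------------------------------------
:: -------------Clear Internet Explorer cookies--------------
:: ----------------------------------------------------------
echo --- Clear Internet Explorer cookies
:: Both commands in this section list a cookie directory recursively and delete each item,
:: longest path first. %APPDATA% and %LOCALAPPDATA% are substituted by cmd.exe before
:: PowerShell runs, so they resolve to the account this elevated script runs as.
:: Items are re-checked and removed with -LiteralPath: with -Path, a name containing [ or ]
:: is read as a wildcard pattern and the item is reported as "already deleted" while it
:: remains on disk. -NoProfile keeps profile scripts out of the elevated session.
:: Clear directory contents  : "%APPDATA%\Microsoft\Windows\Cookies"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%APPDATA%\Microsoft\Windows\Cookies'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Clear directory contents  : "%LOCALAPPDATA%\Microsoft\Windows\INetCookies"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Microsoft\Windows\INetCookies'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------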
 
 
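:: ----------------------------------------------------------
:: -------------Clear Internet Explorer DOMStore-------------
:: ----------------------------------------------------------
echo --- Clear Internet Explorer DOMStore
:: Clear directory contents  : "%LOCALAPPDATA%\Microsoft\InternetExplorer\DOMStore"
:: NOTE(review): this path spells the folder "InternetExplorer" without a space, while the
:: "usage data" section of this script clears "%LOCALAPPDATA%\Microsoft\Internet Explorer".
:: If the DOMStore lives under the spaced name, this command finds nothing and skips;
:: confirm the intended location.
:: Items are re-checked and removed with -LiteralPath so that names containing [ or ] are
:: not treated as wildcard patterns and wrongly reported as "already deleted".
:: -NoProfile keeps PowerShell profile scripts out of the elevated session.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Microsoft\InternetExplorer\DOMStore'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------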
 
 
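:: ----------------------------------------------------------
:: ------------Clear Internet Explorer usage data------------
:: ----------------------------------------------------------
echo --- Clear Internet Explorer usage data
:: Clear directory contents  : "%LOCALAPPDATA%\Microsoft\Internet Explorer"
:: Removes every file and subdirectory under the directory above, not a selected subset.
:: %LOCALAPPDATA% is substituted by cmd.exe before PowerShell runs, so it resolves to the
:: account this elevated script runs as.
:: Items are re-checked and removed with -LiteralPath so that names containing [ or ] are
:: not treated as wildcard patterns and wrongly reported as "already deleted".
:: -NoProfile keeps PowerShell profile scripts out of the elevated session.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Microsoft\Internet Explorer'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------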
 
 
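:: ----------------------------------------------------------
:: ----------------Clear Chrome crash reports----------------
:: ----------------------------------------------------------
echo --- Clear Chrome crash reports
:: Both commands in this section list a crash-report directory recursively and delete each
:: item, longest path first. %LOCALAPPDATA% is substituted by cmd.exe before PowerShell
:: runs, so it resolves to the account this elevated script runs as.
:: Items are re-checked and removed with -LiteralPath so that names containing [ or ] are
:: not treated as wildcard patterns and wrongly reported as "already deleted".
:: -NoProfile keeps PowerShell profile scripts out of the elevated session.
:: Clear directory contents  : "%LOCALAPPDATA%\Google\Chrome\User Data\Crashpad\reports"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Google\Chrome\User Data\Crashpad\reports'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Clear directory contents  : "%LOCALAPPDATA%\Google\CrashReports"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Google\CrashReports'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------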
 
 
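:: ----------------------------------------------------------
:: -------Clear Google's "Software Reporter Tool" logs-------
:: ----------------------------------------------------------
echo --- Clear Google's "Software Reporter Tool" logs
:: Delete files matching pattern: "%LOCALAPPDATA%\Google\Software Reporter Tool\*.log"
:: Resolves the *.log pattern once with Get-Item, skips any match that is a directory and
:: deletes the remaining files. %LOCALAPPDATA% is substituted by cmd.exe before PowerShell
:: runs and lands inside a double-quoted PowerShell string, so it resolves to the account
:: this elevated script runs as.
:: Each resolved path is then checked and removed with -LiteralPath, so a file name
:: containing [ or ] is not re-read as a wildcard pattern and reported as "already deleted".
:: -NoProfile keeps PowerShell profile scripts out of the elevated session.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\Google\Software Reporter Tool\*.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------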
 
 
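:: ----------------------------------------------------------
:: ------------------Clear Chrome user data------------------
:: ----------------------------------------------------------
echo --- Clear Chrome user data
:: Both commands in this section delete everything under a Chrome "User Data" directory,
:: i.e. whatever Chrome keeps in its profiles there, not only history or cache. Review what
:: must be kept before running. Items that cannot be removed are counted and reported as
:: warnings (presumably the case for files held open while Chrome is running; confirm).
:: NOTE(review): "%USERPROFILE%\Local Settings\Application Data" looks like the legacy
:: spelling of %LOCALAPPDATA%; if it resolves to the same directory on the target system,
:: the first command is redundant with the second. Confirm.
:: Both variables are substituted by cmd.exe before PowerShell runs, so they resolve to the
:: account this elevated script runs as. Items are re-checked and removed with -LiteralPath
:: so that names containing [ or ] are not treated as wildcard patterns and wrongly
:: reported as "already deleted". -NoProfile keeps profile scripts out of the session.
:: Clear directory contents  : "%USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Clear directory contents  : "%LOCALAPPDATA%\Google\Chrome\User Data"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Google\Chrome\User Data'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------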
 
 
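:: Clear Firefox browsing history (URLs, downloads, bookmarks, visits, etc.)
echo --- Clear Firefox browsing history (URLs, downloads, bookmarks, visits, etc.)
:: Delete files matching pattern: "%USERPROFILE%\Local Settings\Application Data\Mozilla\Firefox\Profiles\*\downloads.rdf"
:: The * segment matches every directory under Profiles; Get-Item resolves the pattern
:: once, a match that is a directory is skipped, and the remaining files are deleted.
:: %USERPROFILE% is substituted by cmd.exe before PowerShell runs, so it resolves to the
:: account this elevated script runs as.
:: Each resolved path is then checked and removed with -LiteralPath, so a profile directory
:: whose name contains [ or ] is not re-read as a wildcard pattern and reported as
:: "already deleted". -NoProfile keeps PowerShell profile scripts out of the session.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%USERPROFILE%\Local Settings\Application Data\Mozilla\Firefox\Profiles\*\downloads.rdf"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"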
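:: Delete files matching pattern: "%APPDATA%\Mozilla\Firefox\Profiles\*\downloads.rdf"
:: The * segment matches every directory under Profiles; a match that is a directory is
:: skipped and the remaining files are deleted. %APPDATA% is substituted by cmd.exe before
:: PowerShell runs, so it resolves to the account this elevated script runs as.
:: Resolved paths are checked and removed with -LiteralPath so that [ or ] in a name is not
:: re-read as a wildcard pattern. -NoProfile keeps profile scripts out of the session.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%APPDATA%\Mozilla\Firefox\Profiles\*\downloads.rdf"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"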
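:: Delete files matching pattern: "%LOCALAPPDATA%\Packages\Mozilla.Firefox_n80bbvh6b1yt2\LocalCache\Roaming\Mozilla\Firefox\Profiles\*\downloads.rdf"
:: Same deletion as for the other Firefox profile roots, applied to the profile tree under
:: the Packages directory. %LOCALAPPDATA% is substituted by cmd.exe before PowerShell runs,
:: so it resolves to the account this elevated script runs as.
:: Resolved paths are checked and removed with -LiteralPath so that [ or ] in a name is not
:: re-read as a wildcard pattern. -NoProfile keeps profile scripts out of the session.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\Packages\Mozilla.Firefox_n80bbvh6b1yt2\LocalCache\Roaming\Mozilla\Firefox\Profiles\*\downloads.rdf"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"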
:: Delete files matching pattern: "%USERPROFILE%\Local Settings\Application Data\Mozilla\Firefox\Profiles\*\downloads.sqlite"
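:: Finds matches with Get-Item, skips folders, then deletes each file and prints counts.
:: Discovered paths are passed with -LiteralPath so [ ] in a profile or file name is not
:: re-read as a wildcard by the delete. Only the exact name downloads.sqlite is matched.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%USERPROFILE%\Local Settings\Application Data\Mozilla\Firefox\Profiles\*\downloads.sqlite"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"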
:: Delete files matching pattern: "%APPDATA%\Mozilla\Firefox\Profiles\*\downloads.sqlite"
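:: Finds matches with Get-Item, skips folders, then deletes each file and prints counts.
:: Discovered paths are passed with -LiteralPath so [ ] in a profile or file name is not
:: re-read as a wildcard by the delete. Only the exact name downloads.sqlite is matched.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%APPDATA%\Mozilla\Firefox\Profiles\*\downloads.sqlite"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"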
:: Delete files matching pattern: "%LOCALAPPDATA%\Packages\Mozilla.Firefox_n80bbvh6b1yt2\LocalCache\Roaming\Mozilla\Firefox\Profiles\*\downloads.sqlite"
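:: Finds matches with Get-Item, skips folders, then deletes each file and prints counts.
:: Discovered paths are passed with -LiteralPath so [ ] in a profile or file name is not
:: re-read as a wildcard by the delete. Only the exact name downloads.sqlite is matched.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\Packages\Mozilla.Firefox_n80bbvh6b1yt2\LocalCache\Roaming\Mozilla\Firefox\Profiles\*\downloads.sqlite"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"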
:: Delete files matching pattern: "%USERPROFILE%\Local Settings\Application Data\Mozilla\Firefox\Profiles\*\places.sqlite"
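:: Finds matches with Get-Item, skips folders, then deletes each file and prints counts.
:: Discovered paths are passed with -LiteralPath so [ ] in a profile or file name is not
:: re-read as a wildcard by the delete. Only the exact name is matched; SQLite sidecar
:: files such as places.sqlite-wal, if present, are outside this pattern.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%USERPROFILE%\Local Settings\Application Data\Mozilla\Firefox\Profiles\*\places.sqlite"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"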
:: Delete files matching pattern: "%APPDATA%\Mozilla\Firefox\Profiles\*\places.sqlite"
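:: Finds matches with Get-Item, skips folders, then deletes each file and prints counts.
:: Discovered paths are passed with -LiteralPath so [ ] in a profile or file name is not
:: re-read as a wildcard by the delete. Only the exact name is matched; SQLite sidecar
:: files such as places.sqlite-wal, if present, are outside this pattern.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%APPDATA%\Mozilla\Firefox\Profiles\*\places.sqlite"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"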
:: Delete files matching pattern: "%LOCALAPPDATA%\Packages\Mozilla.Firefox_n80bbvh6b1yt2\LocalCache\Roaming\Mozilla\Firefox\Profiles\*\places.sqlite"
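:: Finds matches with Get-Item, skips folders, then deletes each file and prints counts.
:: Discovered paths are passed with -LiteralPath so [ ] in a profile or file name is not
:: re-read as a wildcard by the delete. Only the exact name is matched; SQLite sidecar
:: files such as places.sqlite-wal, if present, are outside this pattern.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\Packages\Mozilla.Firefox_n80bbvh6b1yt2\LocalCache\Roaming\Mozilla\Firefox\Profiles\*\places.sqlite"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"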
:: Delete files matching pattern: "%USERPROFILE%\Local Settings\Application Data\Mozilla\Firefox\Profiles\*\favicons.sqlite"
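:: Finds matches with Get-Item, skips folders, then deletes each file and prints counts.
:: Discovered paths are passed with -LiteralPath so [ ] in a profile or file name is not
:: re-read as a wildcard by the delete. Only the exact name is matched; SQLite sidecar
:: files such as favicons.sqlite-wal, if present, are outside this pattern.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%USERPROFILE%\Local Settings\Application Data\Mozilla\Firefox\Profiles\*\favicons.sqlite"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"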
:: Delete files matching pattern: "%APPDATA%\Mozilla\Firefox\Profiles\*\favicons.sqlite"
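:: Finds matches with Get-Item, skips folders, then deletes each file and prints counts.
:: Discovered paths are passed with -LiteralPath so [ ] in a profile or file name is not
:: re-read as a wildcard by the delete. Only the exact name is matched; SQLite sidecar
:: files such as favicons.sqlite-wal, if present, are outside this pattern.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%APPDATA%\Mozilla\Firefox\Profiles\*\favicons.sqlite"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"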
:: Delete files matching pattern: "%LOCALAPPDATA%\Packages\Mozilla.Firefox_n80bbvh6b1yt2\LocalCache\Roaming\Mozilla\Firefox\Profiles\*\favicons.sqlite"
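:: Finds matches with Get-Item, skips folders, then deletes each file and prints counts.
:: Discovered paths are passed with -LiteralPath so [ ] in a profile or file name is not
:: re-read as a wildcard by the delete. Only the exact name is matched; SQLite sidecar
:: files such as favicons.sqlite-wal, if present, are outside this pattern.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\Packages\Mozilla.Firefox_n80bbvh6b1yt2\LocalCache\Roaming\Mozilla\Firefox\Profiles\*\favicons.sqlite"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"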
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----Clear all Firefox user information and preferences----
:: ----------------------------------------------------------
echo --- Clear all Firefox user information and preferences
:: Clear directory contents  : "%LOCALAPPDATA%\Mozilla\Firefox\Profiles"
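:: Lists everything under the directory (Get-ChildItem -Force -Recurse), sorts longest path first, deletes each item.
:: The whole -Command string stays on one physical line; cmd.exe would run a wrapped tail as a separate command.
:: Found paths use -LiteralPath so [ ] in a name is not re-read as a wildcard by the delete.
:: NOTE(review): runs elevated with -Recurse; confirm how links or junctions inside the profile folder are treated.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Mozilla\Firefox\Profiles'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"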
:: Clear directory contents  : "%APPDATA%\Mozilla\Firefox\Profiles"
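:: Lists everything under the directory (Get-ChildItem -Force -Recurse), sorts longest path first, deletes each item.
:: The whole -Command string stays on one physical line; cmd.exe would run a wrapped tail as a separate command.
:: Found paths use -LiteralPath so [ ] in a name is not re-read as a wildcard by the delete.
:: NOTE(review): runs elevated with -Recurse; confirm how links or junctions inside the profile folder are treated.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%APPDATA%\Mozilla\Firefox\Profiles'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"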
:: Clear directory contents  : "%LOCALAPPDATA%\Packages\Mozilla.Firefox_n80bbvh6b1yt2\LocalCache\Roaming\Mozilla\Firefox\Profiles"
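:: Lists everything under the directory (Get-ChildItem -Force -Recurse), sorts longest path first, deletes each item.
:: The whole -Command string stays on one physical line; cmd.exe would run a wrapped tail as a separate command.
:: Found paths use -LiteralPath so [ ] in a name is not re-read as a wildcard by the delete.
:: NOTE(review): runs elevated with -Recurse; confirm how links or junctions inside the profile folder are treated.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Packages\Mozilla.Firefox_n80bbvh6b1yt2\LocalCache\Roaming\Mozilla\Firefox\Profiles'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"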
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------------Clear Webpage Icons--------------------
:: ----------------------------------------------------------
echo --- Clear Webpage Icons
:: Delete files matching pattern: "%USERPROFILE%\Local Settings\Application Data\Safari\WebpageIcons.db"
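:: Finds matches with Get-Item, skips folders, then deletes each file and prints counts.
:: Discovered paths are passed with -LiteralPath so [ ] in a folder or file name is not
:: re-read as a wildcard by the delete. Remove-Item unlinks the file; it does not overwrite it.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%USERPROFILE%\Local Settings\Application Data\Safari\WebpageIcons.db"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"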
:: Delete files matching pattern: "%LOCALAPPDATA%\Apple Computer\Safari\WebpageIcons.db"
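:: Finds matches with Get-Item, skips folders, then deletes each file and prints counts.
:: Discovered paths are passed with -LiteralPath so [ ] in a folder or file name is not
:: re-read as a wildcard by the delete. Remove-Item unlinks the file; it does not overwrite it.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\Apple Computer\Safari\WebpageIcons.db"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"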
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------------Clear Safari cache--------------------
:: ----------------------------------------------------------
echo --- Clear Safari cache
:: Delete files matching pattern: "%USERPROFILE%\Local Settings\Application Data\Apple Computer\Safari\Cache.db"
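:: Finds matches with Get-Item, skips folders, then deletes each file and prints counts.
:: Discovered paths are passed with -LiteralPath so [ ] in a folder or file name is not
:: re-read as a wildcard by the delete. Remove-Item unlinks the file; it does not overwrite it.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%USERPROFILE%\Local Settings\Application Data\Apple Computer\Safari\Cache.db"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"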
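:: Delete files matching pattern: "%LOCALAPPDATA%\Apple Computer\Safari\Cache.db"
:: Resolves the pattern with Get-Item, skips folders, force-deletes the remaining files and
:: prints deleted/skipped/failed counts; a pattern that matches nothing ends with exit 0.
:: Resolved paths go to Test-Path and Remove-Item through -LiteralPath so that [ and ] in a
:: path are not re-read as wildcards and a surviving file is not reported as already deleted.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\Apple Computer\Safari\Cache.db"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------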
 
 
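:: ----------------------------------------------------------
:: -------------------Clear Safari cookies-------------------
:: ----------------------------------------------------------
echo --- Clear Safari cookies
:: Delete files matching pattern: "%USERPROFILE%\Local Settings\Application Data\Apple Computer\Safari\Cookies.db"
:: Resolves the pattern with Get-Item, skips folders, force-deletes the remaining files and
:: prints deleted/skipped/failed counts; a pattern that matches nothing ends with exit 0.
:: Resolved paths go to Test-Path and Remove-Item through -LiteralPath so that [ and ] in a
:: path are not re-read as wildcards and a surviving file is not reported as already deleted.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%USERPROFILE%\Local Settings\Application Data\Apple Computer\Safari\Cookies.db"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"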
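:: Delete files matching pattern: "%LOCALAPPDATA%\Apple Computer\Safari\Cookies.db"
:: Resolves the pattern with Get-Item, skips folders, force-deletes the remaining files and
:: prints deleted/skipped/failed counts; a pattern that matches nothing ends with exit 0.
:: Resolved paths go to Test-Path and Remove-Item through -LiteralPath so that [ and ] in a
:: path are not re-read as wildcards and a surviving file is not reported as already deleted.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\Apple Computer\Safari\Cookies.db"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------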
 
 
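:: ----------------------------------------------------------
:: Clear all Safari data (user profiles, settings, and data)-
:: ----------------------------------------------------------
echo --- Clear all Safari data (user profiles, settings, and data)
:: Clear directory contents  : "%USERPROFILE%\Local Settings\Application Data\Apple Computer\Safari"
:: Appends \* to the directory, lists every item below it with Get-ChildItem -Force -Recurse,
:: and deletes the longest paths first so children are removed before their parent folders.
:: Resolved paths go to Test-Path and Remove-Item through -LiteralPath: file names containing
:: [ or ] would otherwise be matched as wildcards, fail the existence check and be counted as
:: already deleted while still on disk.
:: The PowerShell command must stay on a single line; a line break inside it splits the command.
:: NOTE(review): this runs elevated against a user-writable profile folder; confirm how the
:: installed PowerShell version handles junctions or symbolic links inside the tree with -Recurse.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%USERPROFILE%\Local Settings\Application Data\Apple Computer\Safari'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"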
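:: Clear directory contents  : "%APPDATA%\Apple Computer\Safari"
:: Appends \* to the directory, lists every item below it with Get-ChildItem -Force -Recurse,
:: and deletes the longest paths first so children are removed before their parent folders.
:: Resolved paths go to Test-Path and Remove-Item through -LiteralPath: file names containing
:: [ or ] would otherwise be matched as wildcards, fail the existence check and be counted as
:: already deleted while still on disk.
:: The PowerShell command must stay on a single line; a line break inside it splits the command.
:: NOTE(review): this runs elevated against a user-writable profile folder; confirm how the
:: installed PowerShell version handles junctions or symbolic links inside the tree with -Recurse.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%APPDATA%\Apple Computer\Safari'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------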
 
 
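:: ----------------------------------------------------------
:: Clear Optional Component Manager and COM+ components logs-
:: ----------------------------------------------------------
echo --- Clear Optional Component Manager and COM+ components logs
:: Delete files matching pattern: "%SYSTEMROOT%\comsetup.log"
:: Resolves the pattern with Get-Item, skips folders, force-deletes the remaining files and
:: prints deleted/skipped/failed counts; a pattern that matches nothing ends with exit 0.
:: Resolved paths go to Test-Path and Remove-Item through -LiteralPath so that [ and ] in a
:: path are not re-read as wildcards and a surviving file is not reported as already deleted.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\comsetup.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------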
 
 
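:: ----------------------------------------------------------
:: --Clear "Distributed Transaction Coordinator (DTC)" logs--
:: ----------------------------------------------------------
echo --- Clear "Distributed Transaction Coordinator (DTC)" logs
:: Delete files matching pattern: "%SYSTEMROOT%\DtcInstall.log"
:: Resolves the pattern with Get-Item, skips folders, force-deletes the remaining files and
:: prints deleted/skipped/failed counts; a pattern that matches nothing ends with exit 0.
:: Resolved paths go to Test-Path and Remove-Item through -LiteralPath so that [ and ] in a
:: path are not re-read as wildcards and a surviving file is not reported as already deleted.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\DtcInstall.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------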
 
 
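:: Clear logs for pending/unsuccessful file rename operations
echo --- Clear logs for pending/unsuccessful file rename operations
:: Delete files matching pattern: "%SYSTEMROOT%\PFRO.log"
:: Resolves the pattern with Get-Item, skips folders, force-deletes the remaining files and
:: prints deleted/skipped/failed counts; a pattern that matches nothing ends with exit 0.
:: Resolved paths go to Test-Path and Remove-Item through -LiteralPath so that [ and ] in a
:: path are not re-read as wildcards and a surviving file is not reported as already deleted.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\PFRO.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------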
 
 
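:: ----------------------------------------------------------
:: ----------Clear Windows update installation logs----------
:: ----------------------------------------------------------
echo --- Clear Windows update installation logs
:: Delete files matching pattern: "%SYSTEMROOT%\setupact.log"
:: Resolves the pattern with Get-Item, skips folders, force-deletes the remaining files and
:: prints deleted/skipped/failed counts; a pattern that matches nothing ends with exit 0.
:: Resolved paths go to Test-Path and Remove-Item through -LiteralPath so that [ and ] in a
:: path are not re-read as wildcards and a surviving file is not reported as already deleted.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\setupact.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"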
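:: Delete files matching pattern: "%SYSTEMROOT%\setuperr.log"
:: Resolves the pattern with Get-Item, skips folders, force-deletes the remaining files and
:: prints deleted/skipped/failed counts; a pattern that matches nothing ends with exit 0.
:: Resolved paths go to Test-Path and Remove-Item through -LiteralPath so that [ and ] in a
:: path are not re-read as wildcards and a surviving file is not reported as already deleted.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\setuperr.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------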
 
 
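:: ----------------------------------------------------------
:: -----------------Clear Windows setup logs-----------------
:: ----------------------------------------------------------
echo --- Clear Windows setup logs
:: Delete files matching pattern: "%SYSTEMROOT%\setupapi.log"
:: Resolves the pattern with Get-Item, skips folders, force-deletes the remaining files and
:: prints deleted/skipped/failed counts; a pattern that matches nothing ends with exit 0.
:: Resolved paths go to Test-Path and Remove-Item through -LiteralPath so that [ and ] in a
:: path are not re-read as wildcards and a surviving file is not reported as already deleted.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\setupapi.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"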
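:: Delete files matching pattern: "%SYSTEMROOT%\inf\setupapi.app.log"
:: Resolves the pattern with Get-Item, skips folders, force-deletes the remaining files and
:: prints deleted/skipped/failed counts; a pattern that matches nothing ends with exit 0.
:: Resolved paths go to Test-Path and Remove-Item through -LiteralPath so that [ and ] in a
:: path are not re-read as wildcards and a surviving file is not reported as already deleted.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\inf\setupapi.app.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"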
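:: Delete files matching pattern: "%SYSTEMROOT%\inf\setupapi.dev.log"
:: Resolves the pattern with Get-Item, skips folders, force-deletes the remaining files and
:: prints deleted/skipped/failed counts; a pattern that matches nothing ends with exit 0.
:: Resolved paths go to Test-Path and Remove-Item through -LiteralPath so that [ and ] in a
:: path are not re-read as wildcards and a surviving file is not reported as already deleted.
:: NOTE(review): setupapi.dev.log is the device and driver installation log; archive it first
:: on hosts that have log-retention or investigation requirements, the deletion is not reversible.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\inf\setupapi.dev.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"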
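:: Delete files matching pattern: "%SYSTEMROOT%\inf\setupapi.offline.log"
:: Resolves the pattern with Get-Item, skips folders, force-deletes the remaining files and
:: prints deleted/skipped/failed counts; a pattern that matches nothing ends with exit 0.
:: Resolved paths go to Test-Path and Remove-Item through -LiteralPath so that [ and ] in a
:: path are not re-read as wildcards and a surviving file is not reported as already deleted.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\inf\setupapi.offline.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"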
:: Clear directory contents  : "%SYSTEMROOT%\Panther"
1430
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%SYSTEMROOT%\Panther'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). 
#>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: --Clear "Windows System Assessment Tool (`WinSAT`)" logs--
:: ----------------------------------------------------------
echo --- Clear "Windows System Assessment Tool (`WinSAT`)" logs
:: Delete files matching pattern: "%SYSTEMROOT%\Performance\WinSAT\winsat.log"
:: Deletes the single WinSAT log file named in the pattern.
:: The pattern is resolved with Get-Item (no recursion). A match that is a
:: directory is skipped and counted in $skippedCount; any other match is removed
:: with Remove-Item -Force. When nothing matches, the command prints the skip
:: message and exits 0.
:: A failed deletion only produces a warning and increments $failedCount; the
:: command never calls exit with a non-zero code, so the batch file gets no
:: signal that the log is still present.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\Performance\WinSAT\winsat.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ---------------Clear password change events---------------
:: ----------------------------------------------------------
echo --- Clear password change events
:: Delete files matching pattern: "%SYSTEMROOT%\debug\PASSWD.LOG"
:: Deletes the single PASSWD.LOG file named in the pattern.
:: Get-Item resolves the pattern without recursion; a directory match is skipped,
:: any other match goes to Remove-Item -Force. No match means exit 0 after the
:: skip message.
:: Failures are only surfaced as Write-Warning output plus the $failedCount
:: summary line; no non-zero exit code is produced by this command.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\debug\PASSWD.LOG"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: --------------Clear user web cache database---------------
:: ----------------------------------------------------------
echo --- Clear user web cache database
:: Clear directory contents  : "%LOCALAPPDATA%\Microsoft\Windows\WebCache"
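:: Clears the contents of the WebCache directory under %LOCALAPPDATA%.
:: "\*" is appended to the directory, matches are collected recursively with
:: Get-ChildItem -Force -Recurse plus the direct matches from Get-Item, then
:: de-duplicated and sorted longest path first before Remove-Item -Force -Recurse
:: runs on each entry. Failures become warnings; no non-zero exit code is set.
:: NOTE(review): the WebCache database files are presumably held open while the
:: user is logged on, in which case those deletions end in the warning path.
:: NOTE(review): cmd expands %LOCALAPPDATA% before PowerShell starts. If the
:: script was elevated with another account's credentials this is presumably
:: that account's profile - verify which profile is actually targeted.
:: The PowerShell payload must stay on one physical line for cmd to pass it whole.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Microsoft\Windows\WebCache'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"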
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -------Clear system temp folder when not logged in--------
:: ----------------------------------------------------------
echo --- Clear system temp folder when not logged in
:: Clear directory contents  : "%SYSTEMROOT%\ServiceProfiles\LocalService\AppData\Local\Temp"
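:: Clears the contents of the LocalService profile's Temp directory.
:: Steps: append "\*", collect matches recursively (Get-ChildItem -Force -Recurse)
:: and directly (Get-Item), de-duplicate, sort longest path first, then call
:: Remove-Item -Force -Recurse per entry. Failures are warnings only and the
:: command never exits with a non-zero code.
:: NOTE(review): this runs elevated over a directory that other, lower-privileged
:: service code can presumably write to. Junctions or directory symlinks placed
:: there may be traversed by -Recurse (Windows PowerShell 5.1 presumably follows
:: them), extending the deletion outside the target. Skipping entries that carry
:: the ReparsePoint attribute would contain it - confirm on the version in use.
:: The PowerShell payload must stay on one physical line for cmd to pass it whole.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%SYSTEMROOT%\ServiceProfiles\LocalService\AppData\Local\Temp'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"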
:: ----------------------------------------------------------
:: Clear DISM (Deployment Image Servicing and Management) system logs
echo --- Clear DISM (Deployment Image Servicing and Management) system logs
:: Delete files matching pattern: "%SYSTEMROOT%\Logs\CBS\CBS.log"
:: Deletes the single CBS.log file named in the pattern.
:: Get-Item resolves the pattern without recursion; a directory match is skipped
:: and counted, any other match is removed with Remove-Item -Force. With no match
:: the command prints the skip message and exits 0.
:: A failed deletion is reported through Write-Warning and $failedCount only; the
:: command never calls exit with a non-zero code.
:: NOTE(review): CBS.log is presumably held open while servicing is active, so
:: the warning path is the expected outcome then - confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\Logs\CBS\CBS.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Delete files matching pattern: "%SYSTEMROOT%\Logs\DISM\DISM.log"
:: Deletes the single DISM.log file named in the pattern.
:: The pattern is resolved with Get-Item (no recursion); a directory match is
:: skipped, any other match is removed with Remove-Item -Force. No match means
:: exit 0 after the skip message.
:: Deletion failures only raise a warning and increment $failedCount; this
:: command produces no non-zero exit code.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\Logs\DISM\DISM.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ----------------Clear Windows update files----------------
:: ----------------------------------------------------------
echo --- Clear Windows update files
:: Stop service: wuauserv (with state file) (wait until stopped)
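:: Stops the wuauserv service and records that it has to be started again.
:: Exits 0 without doing anything when the service does not exist or is not in
:: the Running state. Otherwise it calls Stop-Service -Force, waits for the
:: Stopped state, and throws if stopping fails.
:: After a successful stop it creates an empty state file named
:: "wuauserv-GUID" under the privacy.sexy\state folder in %APPDATA%. If that
:: file cannot be created, only a warning asking for a manual restart is shown.
:: NOTE(review): WaitForStatus is called without a timeout, so a service that
:: never reaches Stopped blocks the script at this point.
:: The PowerShell payload must stay on one physical line for cmd to pass it whole.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'wuauserv'; Write-Host "^""Stopping service: `"^""$serviceName`"^""."^""; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if (!$service) { Write-Host "^""Skipping, service `"^""$serviceName`"^"" could not be found, no need to stop it."^""; exit 0; }; if ($service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""Skipping, `"^""$serviceName`"^"" is not running, no need to stop."^""; exit 0; }; Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { $service | Stop-Service -Force -ErrorAction Stop; $service.WaitForStatus([System.ServiceProcess.ServiceControllerStatus]::Stopped); } catch { throw "^""Failed to stop the service `"^""$serviceName`"^"": $_"^""; }; Write-Host "^""Successfully stopped the service: `"^""$serviceName`"^""."^""; function Get-StateFilePath($BaseName, $Suffix) { $escapedBaseName = $BaseName.Split([IO.Path]::GetInvalidFileNameChars()) -Join '_'; $uniqueFilename = $escapedBaseName, $Suffix -Join '-'; $path = [IO.Path]::Combine( $env:APPDATA, 'privacy.sexy', 'state', $uniqueFilename ); return $path; }; function Get-UniqueStateFilePath($BaseName) { $suffix = New-Guid; $path = Get-StateFilePath -BaseName $BaseName -Suffix $suffix; if (Test-Path -Path $path) { Write-Verbose "^""Path collision detected at: '$path'. Generating new path..."^""; return Get-UniqueStateFilePath $BaseName; }; return $path; }; function New-EmptyFile($Path) { $parentDirectory = [System.IO.Path]::GetDirectoryName($Path); if (-not (Test-Path $parentDirectory -PathType Container)) { try { New-Item -ItemType Directory -Path $parentDirectory -Force -ErrorAction Stop | Out-Null; }  catch { Write-Warning "^""Failed to create parent directory of file `"^""$parentDirectory`"^"": $_"^""; }; }; try { New-Item -ItemType File -Path $Path -Force -ErrorAction Stop | Out-Null; return $true; } catch { Write-Warning "^""Failed to create file `"^""$Path`"^"": $_"^""; return $false; }; }; $path = Get-UniqueStateFilePath $serviceName; if (New-EmptyFile $path) { Write-Host 'Service will restart automatically.'; } else { Write-Warning 'Manual restart required - please restart your computer.'; }"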
:: Clear directory contents  : "%SYSTEMROOT%\SoftwareDistribution"
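:: Clears the contents of the SoftwareDistribution directory.
:: "\*" is appended to the directory, matches are collected recursively
:: (Get-ChildItem -Force -Recurse) and directly (Get-Item), de-duplicated and
:: sorted longest path first, then removed one by one with
:: Remove-Item -Force -Recurse.
:: A failed deletion is only a warning plus the $failedCount summary; the command
:: never exits with a non-zero code, so the following service start step runs
:: whether or not the directory was actually emptied.
:: The PowerShell payload must stay on one physical line for cmd to pass it whole.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%SYSTEMROOT%\SoftwareDistribution'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"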
:: Start service: wuauserv (if state requires)
:: Starts wuauserv again when the state files say this step owns the restart.
:: It lists state files matching "wuauserv-*" under the privacy.sexy\state folder
:: in %APPDATA% and deletes the first one found. Only when exactly one state file
:: was present does it go on to start the service; with zero or several files it
:: prints the skip message and exits 0.
:: NOTE(review): the skip message says the service "was not running before" even
:: when several state files exist, i.e. when this is not the last file requiring
:: the restart.
:: A missing service makes the command throw; a failed Start-Service is the one
:: path that exits with code 1.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'wuauserv'; function Get-StateFilePath($BaseName, $Suffix) { $escapedBaseName = $BaseName.Split([IO.Path]::GetInvalidFileNameChars()) -Join '_'; $uniqueFilename = $escapedBaseName, $Suffix -Join '-'; $path = [IO.Path]::Combine( $env:APPDATA, 'privacy.sexy', 'state', $uniqueFilename ); return $path; }; $fileGlob = Get-StateFilePath -BaseName $serviceName -Suffix '*'; $files = Get-ChildItem -Path "^""$fileGlob"^""; if ($files.Count -gt 0) { $firstFilePath = $files[0].FullName; try { Remove-Item -Path $firstFilePath -Force -ErrorAction Stop; Write-Host 'The service is expected to be started.'; } catch { Write-Warning "^""Failed to delete the service state file `"^""$firstFilePath`"^"": $_"^""; }; }; if ($files.Count -ne 1) { <# Not the last file requiring restart #>; Write-Host 'Skipping starting the service: It was not running before.'; exit 0; }; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if (!$service) { throw "^""Failed to start service `"^""$serviceName`"^"": Service not found."^""; }; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""Skipping, `"^""$serviceName`"^"" is already running, no need to start."^""; exit 0; }; Write-Host "^""`"^""$serviceName`"^"" is not running, starting it."^""; try { $service | Start-Service -ErrorAction Stop; Write-Host "^""Successfully started the service: `"^""$serviceName`"^""."^""; } catch { Write-Warning "^""Failed to start the service: `"^""$serviceName`"^""."^""; exit 1; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: --------Clear Common Language Runtime system logs---------
:: ----------------------------------------------------------
echo --- Clear Common Language Runtime system logs
:: Clear directory contents  : "%LOCALAPPDATA%\Microsoft\CLR_v4.0\UsageTraces"
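:: Clears the contents of the CLR_v4.0 UsageTraces directory under %LOCALAPPDATA%.
:: Appends "\*", collects matches recursively (Get-ChildItem -Force -Recurse) and
:: directly (Get-Item), de-duplicates, sorts longest path first and removes each
:: entry with Remove-Item -Force -Recurse. Failures are warnings only; no
:: non-zero exit code is set.
:: NOTE(review): the target is writable by unprivileged processes of the user
:: while this command runs elevated. Junctions or directory symlinks inside it
:: may be traversed by -Recurse (Windows PowerShell 5.1 presumably follows them),
:: which would extend the deletion beyond the target. Skipping entries with the
:: ReparsePoint attribute would contain it - confirm on the version in use.
:: The PowerShell payload must stay on one physical line for cmd to pass it whole.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Microsoft\CLR_v4.0\UsageTraces'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"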
:: Clear directory contents  : "%LOCALAPPDATA%\Microsoft\CLR_v4.0_32\UsageTraces"
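:: Clears the contents of the CLR_v4.0_32 UsageTraces directory under
:: %LOCALAPPDATA%, with the same steps as the other directory clears: append
:: "\*", enumerate recursively and directly, de-duplicate, sort longest path
:: first, Remove-Item -Force -Recurse per entry. Failures only raise warnings.
:: NOTE(review): cmd expands %LOCALAPPDATA% before PowerShell starts; after
:: elevation with another account's credentials this is presumably that
:: account's profile. Verify which profile is targeted.
:: NOTE(review): reparse points inside this user-writable directory may be
:: traversed by -Recurse while running elevated; filtering on the ReparsePoint
:: attribute would keep the deletion inside the target - confirm.
:: The PowerShell payload must stay on one physical line for cmd to pass it whole.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%LOCALAPPDATA%\Microsoft\CLR_v4.0_32\UsageTraces'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"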
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ------Clear Network Setup Service Events system logs------
:: ----------------------------------------------------------
echo --- Clear Network Setup Service Events system logs
:: Clear directory contents  : "%SYSTEMROOT%\Logs\NetSetup"
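:: Clears the contents of the NetSetup log directory.
:: The directory gets "\*" appended; matches are collected recursively with
:: Get-ChildItem -Force -Recurse and directly with Get-Item, de-duplicated and
:: sorted longest path first so nested entries go before their folders. Each
:: entry is removed with Remove-Item -Force -Recurse.
:: A failed deletion is reported with Write-Warning and counted in $failedCount;
:: the command never calls exit with a non-zero code.
:: The PowerShell payload must stay on one physical line for cmd to pass it whole.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%SYSTEMROOT%\Logs\NetSetup'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"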
:: ----------------------------------------------------------
:: Clear logs generated by Disk Cleanup Tool (`cleanmgr.exe`)
echo --- Clear logs generated by Disk Cleanup Tool (`cleanmgr.exe`)
:: Clear directory contents  : "%SYSTEMROOT%\System32\LogFiles\setupcln"
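:: Clears the contents of the setupcln log directory under System32\LogFiles.
:: Steps: append "\*", collect matches recursively (Get-ChildItem -Force -Recurse)
:: and directly (Get-Item), de-duplicate, sort longest path first, then
:: Remove-Item -Force -Recurse per entry. When nothing matches, the command
:: prints the skip message and exits 0.
:: Deletion failures are warnings only; no non-zero exit code is produced.
:: The PowerShell payload must stay on one physical line for cmd to pass it whole.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%SYSTEMROOT%\System32\LogFiles\setupcln'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"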
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ----------Clear Windows update and SFC scan logs----------
:: ----------------------------------------------------------
echo --- Clear Windows update and SFC scan logs
:: Clear directory contents  : "%SYSTEMROOT%\Temp\CBS"
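:: Clears the contents of the CBS directory under the Windows Temp folder.
:: Appends "\*", collects matches recursively (Get-ChildItem -Force -Recurse) and
:: directly (Get-Item), de-duplicates, sorts longest path first and removes each
:: entry with Remove-Item -Force -Recurse. Failures are reported as warnings and
:: counted; the command never exits with a non-zero code.
:: NOTE(review): the Windows Temp folder is presumably writable by non-admin
:: accounts, and this command runs elevated. Junctions or directory symlinks
:: below the target may be traversed by -Recurse; skipping entries with the
:: ReparsePoint attribute would keep the deletion inside the target - confirm.
:: The PowerShell payload must stay on one physical line for cmd to pass it whole.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%SYSTEMROOT%\Temp\CBS'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"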
1525
:: ----------------------------------------------------------
 
 
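:: ----------------------------------------------------------
:: ---------Clear Windows Update Medic Service logs----------
:: ----------------------------------------------------------
:: Deletes everything under "%SYSTEMROOT%\Logs\waasmedic" from an elevated PowerShell session.
:: Caveat: once removed, these logs are no longer available for troubleshooting or
:: incident investigation; archive them first if they may be needed later.
:: -NoProfile keeps the elevated session from loading profile scripts.
:: -LiteralPath keeps enumerated names that contain wildcard characters from being
:: re-expanded as patterns by Test-Path and Remove-Item.
:: The command must stay on one physical line, because cmd ends a command at a line break.
echo --- Clear Windows Update Medic Service logs
:: Clear directory contents  : "%SYSTEMROOT%\Logs\waasmedic"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%SYSTEMROOT%\Logs\waasmedic'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------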
 
 
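:: ----------------------------------------------------------
:: -----Clear "Cryptographic Services" diagnostic traces-----
:: ----------------------------------------------------------
:: Runs five elevated PowerShell commands, each deleting the files that match one pattern.
:: Directories that match are skipped and counted, never deleted.
:: -NoProfile keeps the elevated session from loading profile scripts.
:: -LiteralPath keeps resolved names that contain wildcard characters from being
:: re-expanded as patterns by Test-Path and Remove-Item.
:: NOTE(review): only dberr.txt is addressed inside the catroot2 directory; the four
:: catroot2.* patterns name files directly under System32. Confirm those are the intended
:: locations, and that the .edb/.chk/.jrs/.log targets are traces rather than files the
:: service still needs, before relying on this section.
echo --- Clear "Cryptographic Services" diagnostic traces
:: Delete files matching pattern: "%SYSTEMROOT%\System32\catroot2\dberr.txt"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\catroot2\dberr.txt"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Delete files matching pattern: "%SYSTEMROOT%\System32\catroot2.log"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\catroot2.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Delete files matching pattern: "%SYSTEMROOT%\System32\catroot2.jrs"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\catroot2.jrs"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Delete files matching pattern: "%SYSTEMROOT%\System32\catroot2.edb"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\catroot2.edb"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Delete files matching pattern: "%SYSTEMROOT%\System32\catroot2.chk"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\catroot2.chk"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) { Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------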
 
 
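:: ----------------------------------------------------------
:: ----Clear Server-initiated Healing Events system logs-----
:: ----------------------------------------------------------
:: Deletes everything under "%SYSTEMROOT%\Logs\SIH" from an elevated PowerShell session.
:: Caveat: once removed, these logs are no longer available for troubleshooting or
:: incident investigation; archive them first if they may be needed later.
:: -NoProfile keeps the elevated session from loading profile scripts.
:: -LiteralPath keeps enumerated names that contain wildcard characters from being
:: re-expanded as patterns by Test-Path and Remove-Item.
:: The command must stay on one physical line, because cmd ends a command at a line break.
echo --- Clear Server-initiated Healing Events system logs
:: Clear directory contents  : "%SYSTEMROOT%\Logs\SIH"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%SYSTEMROOT%\Logs\SIH'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------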
 
 
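:: ----------------------------------------------------------
:: ----------------Clear Windows Update logs-----------------
:: ----------------------------------------------------------
:: Deletes everything under "%SYSTEMROOT%\Traces\WindowsUpdate" from an elevated PowerShell session.
:: Caveat: once removed, these traces are no longer available for troubleshooting or
:: incident investigation; archive them first if they may be needed later.
:: -NoProfile keeps the elevated session from loading profile scripts.
:: -LiteralPath keeps enumerated names that contain wildcard characters from being
:: re-expanded as patterns by Test-Path and Remove-Item.
:: The command must stay on one physical line, because cmd ends a command at a line break.
echo --- Clear Windows Update logs
:: Clear directory contents  : "%SYSTEMROOT%\Traces\WindowsUpdate"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%SYSTEMROOT%\Traces\WindowsUpdate'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path -LiteralPath $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -LiteralPath $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------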
 
 
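:: ----------------------------------------------------------
:: --------------Disable app access to location--------------
:: ----------------------------------------------------------
:: Writes the location policy, the capability consent value, the lfsvc configuration
:: value and two legacy per-user values with `reg add`.
:: /f overwrites an existing value without prompting; export the keys first if a
:: rollback may be needed.
:: -NoProfile keeps the elevated session from loading profile scripts.
:: NOTE(review): the script runs elevated, so the HKCU writes land in the hive of the
:: account that elevated; if a different admin account approved the prompt, the
:: signed-in user's values are not changed. Confirm on multi-account machines.
echo --- Disable app access to location
:: Disable app access (LetAppsAccessLocation) using GPO (re-activation through GUI is not possible)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessLocation"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessLocation' /t 'REG_DWORD' /d '2' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessLocation_UserInControlOfTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessLocation_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d '\0' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessLocation_ForceAllowTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessLocation_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d '\0' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessLocation_ForceDenyTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessLocation_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d '\0' /f"
:: Disable app capability (location) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location' /v 'Value' /t 'REG_SZ' /d 'Deny' /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration!Status"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration' /v 'Status' /t 'REG_DWORD' /d '0' /f"
:: Disable app access ({BFA794E4-F964-4FDB-90F6-51056BFE4B44}) in older Windows versions (before 1903)
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}' /v 'Value' /t 'REG_SZ' /d 'Deny' /f"
:: Disable app access ({E6AD100E-5F4E-44CD-BE0F-2265D88D14F5}) in older Windows versions (before 1903)
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E6AD100E-5F4E-44CD-BE0F-2265D88D14F5}!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E6AD100E-5F4E-44CD-BE0F-2265D88D14F5}' /v 'Value' /t 'REG_SZ' /d 'Deny' /f"
:: ----------------------------------------------------------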
 
 
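:: Disable app access to account information, name, and picture
:: Writes the account-information policy, the capability consent value and one
:: legacy per-user value with `reg add`.
:: /f overwrites an existing value without prompting; export the keys first if a
:: rollback may be needed.
:: -NoProfile keeps the elevated session from loading profile scripts.
:: NOTE(review): the script runs elevated, so the HKCU write lands in the hive of the
:: account that elevated; if a different admin account approved the prompt, the
:: signed-in user's value is not changed. Confirm on multi-account machines.
echo --- Disable app access to account information, name, and picture
:: Disable app access (LetAppsAccessAccountInfo) using GPO (re-activation through GUI is not possible)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessAccountInfo"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessAccountInfo' /t 'REG_DWORD' /d '2' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessAccountInfo_UserInControlOfTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessAccountInfo_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d '\0' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessAccountInfo_ForceAllowTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessAccountInfo_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d '\0' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessAccountInfo_ForceDenyTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessAccountInfo_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d '\0' /f"
:: Disable app capability (userAccountInformation) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userAccountInformation!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userAccountInformation' /v 'Value' /t 'REG_SZ' /d 'Deny' /f"
:: Disable app access ({C1D23ACC-752B-43E5-8448-8D0E519CD6D6}) in older Windows versions (before 1903)
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}' /v 'Value' /t 'REG_SZ' /d 'Deny' /f"
:: ----------------------------------------------------------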
 
 
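:: ----------------------------------------------------------
:: ----------Disable app access to motion activity-----------
:: ----------------------------------------------------------
:: Writes the motion policy and the capability consent value with `reg add`.
:: /f overwrites an existing value without prompting; export the keys first if a
:: rollback may be needed.
:: -NoProfile keeps the elevated session from loading profile scripts.
echo --- Disable app access to motion activity
:: Disable app access (LetAppsAccessMotion) using GPO (re-activation through GUI is not possible)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessMotion"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessMotion' /t 'REG_DWORD' /d '2' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessMotion_UserInControlOfTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessMotion_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d '\0' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessMotion_ForceAllowTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessMotion_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d '\0' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessMotion_ForceDenyTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessMotion_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d '\0' /f"
:: Disable app capability (activity) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\activity!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\activity' /v 'Value' /t 'REG_SZ' /d 'Deny' /f"
:: ----------------------------------------------------------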
 
 
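:: ----------------------------------------------------------
:: ----------Disable app access to trusted devices-----------
:: ----------------------------------------------------------
:: Writes the trusted-devices policy value and its three per-app lists with `reg add`.
:: /f overwrites an existing value without prompting; export the key first if a
:: rollback may be needed.
:: -NoProfile keeps the elevated session from loading profile scripts.
echo --- Disable app access to trusted devices
:: Disable app access (LetAppsAccessTrustedDevices) using GPO (re-activation through GUI is not possible)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessTrustedDevices"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessTrustedDevices' /t 'REG_DWORD' /d '2' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessTrustedDevices_UserInControlOfTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessTrustedDevices_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d '\0' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessTrustedDevices_ForceAllowTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessTrustedDevices_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d '\0' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessTrustedDevices_ForceDenyTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessTrustedDevices_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d '\0' /f"
:: ----------------------------------------------------------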
 
 
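:: ----------------------------------------------------------
:: -----Disable app access to unpaired wireless devices------
:: ----------------------------------------------------------
:: Writes the device-sync policy value, its three per-app lists and one legacy
:: per-user value with `reg add`.
:: /f overwrites an existing value without prompting; export the keys first if a
:: rollback may be needed.
:: -NoProfile keeps the elevated session from loading profile scripts.
:: NOTE(review): the script runs elevated, so the HKCU write lands in the hive of the
:: account that elevated; if a different admin account approved the prompt, the
:: signed-in user's value is not changed. Confirm on multi-account machines.
echo --- Disable app access to unpaired wireless devices
:: Disable app access (LetAppsSyncWithDevices) using GPO (re-activation through GUI is not possible)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsSyncWithDevices"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsSyncWithDevices' /t 'REG_DWORD' /d '2' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsSyncWithDevices_UserInControlOfTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsSyncWithDevices_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d '\0' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsSyncWithDevices_ForceAllowTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsSyncWithDevices_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d '\0' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsSyncWithDevices_ForceDenyTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsSyncWithDevices_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d '\0' /f"
:: Disable app access (LooselyCoupled) in older Windows versions (before 1903)
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled' /v 'Value' /t 'REG_SZ' /d 'Deny' /f"
:: ----------------------------------------------------------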
 
 
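:: ----------------------------------------------------------
:: ---------------Disable app access to camera---------------
:: ----------------------------------------------------------
:: Denies app access to the camera at three layers: the AppPrivacy policy,
:: the machine-wide ConsentStore capability and the legacy per-user value.
:: Review notes:
::   - Data 2 on the policy value means "Force Deny". The three per-app
::     lists are written empty ('\0' is reg.exe's REG_MULTI_SZ separator),
::     presumably so that no per-app exception survives.
::   - The HKCU value lands in the hive of the account that runs this
::     elevated script, which is not the signed-in user when elevation
::     used another administrator's credentials.
::   - -NoProfile stops the elevated PowerShell from loading profile scripts.
::   - Any elevated process can rewrite these values; audit the key if the
::     setting has to stay enforced.
::   - Check the result:
::       reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v LetAppsAccessCamera
echo --- Disable app access to camera
:: Disable app access (LetAppsAccessCamera) using GPO (re-activation through GUI is not possible)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessCamera"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '2'; reg add $registryPath /v 'LetAppsAccessCamera' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessCamera_UserInControlOfTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessCamera_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessCamera_ForceAllowTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessCamera_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessCamera_ForceDenyTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessCamera_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Disable app capability (webcam) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Disable app access ({E5323777-F976-4f5b-9B55-B94699C46E44}) in older Windows versions (before 1903)
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E5323777-F976-4f5b-9B55-B94699C46E44}!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E5323777-F976-4f5b-9B55-B94699C46E44}'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------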
 
 
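:: ----------------------------------------------------------
:: -Disable app access to microphone (breaks Sound Recorder)-
:: ----------------------------------------------------------
:: Denies app access to the microphone at three layers: the AppPrivacy
:: policy, the machine-wide ConsentStore capability and the legacy per-user
:: value.
:: Review notes:
::   - Data 2 on the policy value means "Force Deny". The three per-app
::     lists are written empty ('\0' is reg.exe's REG_MULTI_SZ separator),
::     presumably so that no per-app exception survives.
::   - The HKCU value lands in the hive of the account that runs this
::     elevated script, which is not the signed-in user when elevation
::     used another administrator's credentials.
::   - -NoProfile stops the elevated PowerShell from loading profile scripts.
::   - Any elevated process can rewrite these values; audit the key if the
::     setting has to stay enforced.
::   - Check the result:
::       reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v LetAppsAccessMicrophone
echo --- Disable app access to microphone (breaks Sound Recorder)
:: Disable app access (LetAppsAccessMicrophone) using GPO (re-activation through GUI is not possible)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessMicrophone"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '2'; reg add $registryPath /v 'LetAppsAccessMicrophone' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessMicrophone_UserInControlOfTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessMicrophone_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessMicrophone_ForceAllowTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessMicrophone_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessMicrophone_ForceDenyTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessMicrophone_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Disable app capability (microphone) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Disable app access ({2EEF81BE-33FA-4800-9670-1CD474972C3F}) in older Windows versions (before 1903)
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{2EEF81BE-33FA-4800-9670-1CD474972C3F}!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{2EEF81BE-33FA-4800-9670-1CD474972C3F}'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------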
 
 
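:: ----------------------------------------------------------
:: ----Disable app access to information about other apps----
:: ----------------------------------------------------------
:: Denies apps diagnostic information about other apps at three layers: the
:: AppPrivacy policy, the machine-wide ConsentStore capability and the
:: legacy per-user value.
:: Review notes:
::   - Data 2 on the policy value means "Force Deny". The three per-app
::     lists are written empty ('\0' is reg.exe's REG_MULTI_SZ separator),
::     presumably so that no per-app exception survives.
::   - The HKCU value lands in the hive of the account that runs this
::     elevated script, which is not the signed-in user when elevation
::     used another administrator's credentials.
::   - -NoProfile stops the elevated PowerShell from loading profile scripts.
::   - Any elevated process can rewrite these values; audit the key if the
::     setting has to stay enforced.
::   - Check the result:
::       reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v LetAppsGetDiagnosticInfo
echo --- Disable app access to information about other apps
:: Disable app access (LetAppsGetDiagnosticInfo) using GPO (re-activation through GUI is not possible)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsGetDiagnosticInfo"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '2'; reg add $registryPath /v 'LetAppsGetDiagnosticInfo' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsGetDiagnosticInfo_UserInControlOfTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsGetDiagnosticInfo_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsGetDiagnosticInfo_ForceAllowTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsGetDiagnosticInfo_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsGetDiagnosticInfo_ForceDenyTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsGetDiagnosticInfo_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Disable app capability (appDiagnostics) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appDiagnostics!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appDiagnostics'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Disable app access ({2297E4E2-5DBE-466D-A12B-0F8286F0D9CA}) in older Windows versions (before 1903)
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{2297E4E2-5DBE-466D-A12B-0F8286F0D9CA}!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{2297E4E2-5DBE-466D-A12B-0F8286F0D9CA}'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------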
 
 
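:: ----------------------------------------------------------
:: -----------Disable app access to your contacts------------
:: ----------------------------------------------------------
:: Denies app access to contacts at three layers: the AppPrivacy policy,
:: the machine-wide ConsentStore capability and the legacy per-user value.
:: Review notes:
::   - Data 2 on the policy value means "Force Deny". The three per-app
::     lists are written empty ('\0' is reg.exe's REG_MULTI_SZ separator),
::     presumably so that no per-app exception survives.
::   - The HKCU value lands in the hive of the account that runs this
::     elevated script, which is not the signed-in user when elevation
::     used another administrator's credentials.
::   - -NoProfile stops the elevated PowerShell from loading profile scripts.
::   - Any elevated process can rewrite these values; audit the key if the
::     setting has to stay enforced.
::   - Check the result:
::       reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v LetAppsAccessContacts
echo --- Disable app access to your contacts
:: Disable app access (LetAppsAccessContacts) using GPO (re-activation through GUI is not possible)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessContacts"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '2'; reg add $registryPath /v 'LetAppsAccessContacts' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessContacts_UserInControlOfTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessContacts_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessContacts_ForceAllowTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessContacts_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessContacts_ForceDenyTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessContacts_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Disable app capability (contacts) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\contacts!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\contacts'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Disable app access ({7D7E8402-7C54-4821-A34E-AEEFD62DED93}) in older Windows versions (before 1903)
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{7D7E8402-7C54-4821-A34E-AEEFD62DED93}!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{7D7E8402-7C54-4821-A34E-AEEFD62DED93}'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------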
 
 
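:: ----------------------------------------------------------
:: -----------Disable app access to notifications------------
:: ----------------------------------------------------------
:: Denies app access to notifications at three layers: the AppPrivacy
:: policy, the machine-wide ConsentStore capability and the legacy per-user
:: value.
:: Review notes:
::   - Data 2 on the policy value means "Force Deny". The three per-app
::     lists are written empty ('\0' is reg.exe's REG_MULTI_SZ separator),
::     presumably so that no per-app exception survives.
::   - The HKCU value lands in the hive of the account that runs this
::     elevated script, which is not the signed-in user when elevation
::     used another administrator's credentials.
::   - -NoProfile stops the elevated PowerShell from loading profile scripts.
::   - Any elevated process can rewrite these values; audit the key if the
::     setting has to stay enforced.
::   - Check the result:
::       reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v LetAppsAccessNotifications
echo --- Disable app access to notifications
:: Disable app access (LetAppsAccessNotifications) using GPO (re-activation through GUI is not possible)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessNotifications"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '2'; reg add $registryPath /v 'LetAppsAccessNotifications' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessNotifications_UserInControlOfTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessNotifications_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessNotifications_ForceAllowTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessNotifications_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessNotifications_ForceDenyTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessNotifications_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Disable app capability (userNotificationListener) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userNotificationListener!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userNotificationListener'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Disable app access ({52079E78-A92B-413F-B213-E8FE35712E72}) in older Windows versions (before 1903)
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{52079E78-A92B-413F-B213-E8FE35712E72}!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{52079E78-A92B-413F-B213-E8FE35712E72}'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------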
 
 
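:: ----------------------------------------------------------
:: --------------Disable app access to calendar--------------
:: ----------------------------------------------------------
:: Denies app access to the calendar at three layers: the AppPrivacy
:: policy, the machine-wide ConsentStore capability and the legacy per-user
:: value.
:: Review notes:
::   - Data 2 on the policy value means "Force Deny". The three per-app
::     lists are written empty ('\0' is reg.exe's REG_MULTI_SZ separator),
::     presumably so that no per-app exception survives.
::   - The HKCU value lands in the hive of the account that runs this
::     elevated script, which is not the signed-in user when elevation
::     used another administrator's credentials.
::   - -NoProfile stops the elevated PowerShell from loading profile scripts.
::   - Any elevated process can rewrite these values; audit the key if the
::     setting has to stay enforced.
::   - Check the result:
::       reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v LetAppsAccessCalendar
echo --- Disable app access to calendar
:: Disable app access (LetAppsAccessCalendar) using GPO (re-activation through GUI is not possible)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessCalendar"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '2'; reg add $registryPath /v 'LetAppsAccessCalendar' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessCalendar_UserInControlOfTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessCalendar_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessCalendar_ForceAllowTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessCalendar_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessCalendar_ForceDenyTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessCalendar_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Disable app capability (appointments) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appointments!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appointments'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Disable app access ({D89823BA-7180-4B81-B50C-7E471E6121A3}) in older Windows versions (before 1903)
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{D89823BA-7180-4B81-B50C-7E471E6121A3}!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{D89823BA-7180-4B81-B50C-7E471E6121A3}'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------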
 
 
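:: ----------------------------------------------------------
:: ---------------Disable app access to email----------------
:: ----------------------------------------------------------
:: Denies app access to email at three layers: the AppPrivacy policy, the
:: machine-wide ConsentStore capability and the legacy per-user value.
:: Review notes:
::   - Data 2 on the policy value means "Force Deny". The three per-app
::     lists are written empty ('\0' is reg.exe's REG_MULTI_SZ separator),
::     presumably so that no per-app exception survives.
::   - The HKCU value lands in the hive of the account that runs this
::     elevated script, which is not the signed-in user when elevation
::     used another administrator's credentials.
::   - -NoProfile stops the elevated PowerShell from loading profile scripts.
::   - Any elevated process can rewrite these values; audit the key if the
::     setting has to stay enforced.
::   - Check the result:
::       reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v LetAppsAccessEmail
echo --- Disable app access to email
:: Disable app access (LetAppsAccessEmail) using GPO (re-activation through GUI is not possible)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessEmail"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '2'; reg add $registryPath /v 'LetAppsAccessEmail' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessEmail_UserInControlOfTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessEmail_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessEmail_ForceAllowTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessEmail_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessEmail_ForceDenyTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessEmail_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Disable app capability (email) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\email!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\email'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Disable app access ({9231CB4C-BF57-4AF3-8C55-FDA7BFCC04C5}) in older Windows versions (before 1903)
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{9231CB4C-BF57-4AF3-8C55-FDA7BFCC04C5}!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{9231CB4C-BF57-4AF3-8C55-FDA7BFCC04C5}'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------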
 
 
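:: ----------------------------------------------------------
:: ---------------Disable app access to tasks----------------
:: ----------------------------------------------------------
:: Denies app access to tasks at three layers: the AppPrivacy policy, the
:: machine-wide ConsentStore capability and the legacy per-user value.
:: Review notes:
::   - Data 2 on the policy value means "Force Deny". The three per-app
::     lists are written empty ('\0' is reg.exe's REG_MULTI_SZ separator),
::     presumably so that no per-app exception survives.
::   - The HKCU value lands in the hive of the account that runs this
::     elevated script, which is not the signed-in user when elevation
::     used another administrator's credentials.
::   - -NoProfile stops the elevated PowerShell from loading profile scripts.
::   - Any elevated process can rewrite these values; audit the key if the
::     setting has to stay enforced.
::   - Check the result:
::       reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v LetAppsAccessTasks
echo --- Disable app access to tasks
:: Disable app access (LetAppsAccessTasks) using GPO (re-activation through GUI is not possible)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessTasks"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '2'; reg add $registryPath /v 'LetAppsAccessTasks' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessTasks_UserInControlOfTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessTasks_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessTasks_ForceAllowTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessTasks_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessTasks_ForceDenyTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessTasks_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Disable app capability (userDataTasks) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userDataTasks!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userDataTasks'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Disable app access ({E390DF20-07DF-446D-B962-F5C953062741}) in older Windows versions (before 1903)
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E390DF20-07DF-446D-B962-F5C953062741}!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E390DF20-07DF-446D-B962-F5C953062741}'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------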
 
 
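:: ----------------------------------------------------------
:: ---------------Disable app access to radios---------------
:: ----------------------------------------------------------
:: Denies app access to radios at three layers: the AppPrivacy policy, the
:: machine-wide ConsentStore capability and the legacy per-user value.
:: Review notes:
::   - Data 2 on the policy value means "Force Deny". The three per-app
::     lists are written empty ('\0' is reg.exe's REG_MULTI_SZ separator),
::     presumably so that no per-app exception survives.
::   - The HKCU value lands in the hive of the account that runs this
::     elevated script, which is not the signed-in user when elevation
::     used another administrator's credentials.
::   - -NoProfile stops the elevated PowerShell from loading profile scripts.
::   - Any elevated process can rewrite these values; audit the key if the
::     setting has to stay enforced.
::   - Check the result:
::       reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v LetAppsAccessRadios
echo --- Disable app access to radios
:: Disable app access (LetAppsAccessRadios) using GPO (re-activation through GUI is not possible)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessRadios"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '2'; reg add $registryPath /v 'LetAppsAccessRadios' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessRadios_UserInControlOfTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessRadios_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessRadios_ForceAllowTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessRadios_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessRadios_ForceDenyTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessRadios_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Disable app capability (radios) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\radios!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\radios'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Disable app access ({A8804298-2D5F-42E3-9531-9C8C39EB29CE}) in older Windows versions (before 1903)
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{A8804298-2D5F-42E3-9531-9C8C39EB29CE}!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{A8804298-2D5F-42E3-9531-9C8C39EB29CE}'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------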
 
 
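:: ----------------------------------------------------------
:: ---------Disable app access to physical movement----------
:: ----------------------------------------------------------
:: Denies app access to spatial-perception data through the AppPrivacy
:: policy and two machine-wide ConsentStore capabilities. Every write in
:: this section targets HKLM; no per-user (HKCU) value is set here.
:: Review notes:
::   - Data 2 on the policy value means "Force Deny". The three per-app
::     lists are written empty ('\0' is reg.exe's REG_MULTI_SZ separator),
::     presumably so that no per-app exception survives.
::   - -NoProfile stops the elevated PowerShell from loading profile scripts.
::   - Any elevated process can rewrite these values; audit the key if the
::     setting has to stay enforced.
::   - Check the result:
::       reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v LetAppsAccessBackgroundSpatialPerception
echo --- Disable app access to physical movement
:: Disable app access (LetAppsAccessBackgroundSpatialPerception) using GPO (re-activation through GUI is not possible)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessBackgroundSpatialPerception"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '2'; reg add $registryPath /v 'LetAppsAccessBackgroundSpatialPerception' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data = '\0'; reg add $registryPath /v 'LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Disable app capability (spatialPerception) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\spatialPerception!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\spatialPerception'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Disable app capability (backgroundSpatialPerception) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\backgroundSpatialPerception!Value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\backgroundSpatialPerception'; $data = 'Deny'; reg add $registryPath /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------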
1891
 
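:: ----------------------------------------------------------
:: ------------Disable app access to eye tracking------------
:: ----------------------------------------------------------
echo --- Disable app access to eye tracking
:: Machine policy LetAppsAccessGazeInput = 2 (force deny). Set as policy, so it cannot be
:: re-enabled from the Settings GUI.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessGazeInput" /t REG_DWORD /d "2" /f
:: Per-app override lists are written without entries ("\0" is only the REG_MULTI_SZ separator).
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessGazeInput_UserInControlOfTheseApps" /t REG_MULTI_SZ /d "\0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessGazeInput_ForceAllowTheseApps" /t REG_MULTI_SZ /d "\0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessGazeInput_ForceDenyTheseApps" /t REG_MULTI_SZ /d "\0" /f
:: Deny the gazeInput capability in the HKLM consent store.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\gazeInput" /v "Value" /t REG_SZ /d "Deny" /f
:: ----------------------------------------------------------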
 
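:: ----------------------------------------------------------
:: -----------Disable app access to human presence-----------
:: ----------------------------------------------------------
echo --- Disable app access to human presence
:: Machine policy LetAppsAccessHumanPresence = 2 (force deny). Set as policy, so it cannot be
:: re-enabled from the Settings GUI.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessHumanPresence" /t REG_DWORD /d "2" /f
:: Per-app override lists are written without entries ("\0" is only the REG_MULTI_SZ separator).
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessHumanPresence_UserInControlOfTheseApps" /t REG_MULTI_SZ /d "\0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessHumanPresence_ForceAllowTheseApps" /t REG_MULTI_SZ /d "\0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessHumanPresence_ForceDenyTheseApps" /t REG_MULTI_SZ /d "\0" /f
:: Deny the humanPresence capability in the HKLM consent store.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\humanPresence" /v "Value" /t REG_SZ /d "Deny" /f
:: ----------------------------------------------------------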
 
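:: ----------------------------------------------------------
:: -----------Disable app access to screen capture-----------
:: ----------------------------------------------------------
echo --- Disable app access to screen capture
:: Two capture capabilities are handled the same way: programmatic capture and borderless
:: capture. For each one the machine policy is set to 2 (force deny; not reversible from
:: the Settings GUI), the per-app override lists are written without entries, and the
:: matching capability is set to Deny in the HKLM consent store.
:: NOTE(review): these values are app-privacy policy and consent-store settings; whether
:: they restrict capture by every kind of program is not established here - verify on a
:: test machine before treating this as a screen-capture control.

:: -- Programmatic capture (LetAppsAccessGraphicsCaptureProgrammatic)
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessGraphicsCaptureProgrammatic" /t REG_DWORD /d "2" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessGraphicsCaptureProgrammatic_UserInControlOfTheseApps" /t REG_MULTI_SZ /d "\0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessGraphicsCaptureProgrammatic_ForceAllowTheseApps" /t REG_MULTI_SZ /d "\0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessGraphicsCaptureProgrammatic_ForceDenyTheseApps" /t REG_MULTI_SZ /d "\0" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\graphicsCaptureProgrammatic" /v "Value" /t REG_SZ /d "Deny" /f

:: -- Borderless capture (LetAppsAccessGraphicsCaptureWithoutBorder)
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessGraphicsCaptureWithoutBorder" /t REG_DWORD /d "2" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessGraphicsCaptureWithoutBorder_UserInControlOfTheseApps" /t REG_MULTI_SZ /d "\0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessGraphicsCaptureWithoutBorder_ForceAllowTheseApps" /t REG_MULTI_SZ /d "\0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessGraphicsCaptureWithoutBorder_ForceDenyTheseApps" /t REG_MULTI_SZ /d "\0" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\graphicsCaptureWithoutBorder" /v "Value" /t REG_SZ /d "Deny" /f
:: ----------------------------------------------------------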
 
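:: Disable app access to background activity (breaks Cortana, Search, live tiles, notifications)
echo --- Disable app access to background activity (breaks Cortana, Search, live tiles, notifications)
:: Machine policy LetAppsRunInBackground = 2 (force deny). Set as policy, so it cannot be
:: re-enabled from the Settings GUI.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground" /t REG_DWORD /d "2" /f
:: Per-app override lists are written without entries ("\0" is only the REG_MULTI_SZ separator).
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground_UserInControlOfTheseApps" /t REG_MULTI_SZ /d "\0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground_ForceAllowTheseApps" /t REG_MULTI_SZ /d "\0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground_ForceDenyTheseApps" /t REG_MULTI_SZ /d "\0" /f
:: Per-user switch. NOTE(review): this script runs elevated, so HKCU is the hive of the
:: account that approved the elevation. If a different administrator account answered the
:: UAC prompt, the signed-in user's own setting is left unchanged - verify after running.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /v "GlobalUserDisabled" /t REG_DWORD /d "1" /f
:: ----------------------------------------------------------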
 
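:: ----------------------------------------------------------
:: -----------Disable app access to input devices------------
:: ----------------------------------------------------------
echo --- Disable app access to input devices
:: Deny the humanInterfaceDevice capability in the HKLM consent store. No AppPrivacy policy
:: value is written in this section, only the consent-store entry.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\humanInterfaceDevice" /v "Value" /t REG_SZ /d "Deny" /f
:: ----------------------------------------------------------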
 
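:: Disable Customer Experience Improvement Program data collection
echo --- Disable Customer Experience Improvement Program data collection
:: CEIPEnable = 0 is written twice: under the policy key and under the non-policy key.
reg add "HKLM\Software\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t REG_DWORD /d "0" /f
:: ----------------------------------------------------------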
 
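:: Disable Customer Experience Improvement Program data uploads
echo --- Disable Customer Experience Improvement Program data uploads
:: NOTE(review): the value name reads as a "disable" flag, yet 0 is written. Confirm that 0
:: (and not 1) is the setting that stops CEIP uploads before relying on this section.
reg add "HKLM\Software\Microsoft\SQMClient" /v "UploadDisableFlag" /t REG_DWORD /d "0" /f
:: ----------------------------------------------------------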
 
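:: ----------------------------------------------------------
:: --------Disable Application Impact Telemetry (AIT)--------
:: ----------------------------------------------------------
echo --- Disable Application Impact Telemetry (AIT)
:: Machine policy under AppCompat: AITEnable = 0.
reg add "HKLM\Software\Policies\Microsoft\Windows\AppCompat" /v "AITEnable" /t REG_DWORD /d "0" /f
:: ----------------------------------------------------------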
 
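:: ----------------------------------------------------------
:: ---------Disable Application Compatibility Engine---------
:: ----------------------------------------------------------
echo --- Disable Application Compatibility Engine
:: Machine policy under AppCompat: DisableEngine = 1.
:: NOTE(review): turning the engine off is reported to degrade compatibility for legacy
:: applications, and Windows then no longer blocks known-incompatible applications from
:: installing. Treat this as a trade-off and test with the software the machine needs.
reg add "HKLM\Software\Policies\Microsoft\Windows\AppCompat" /v "DisableEngine" /t REG_DWORD /d "1" /f
:: ----------------------------------------------------------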
 
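:: Remove "Program Compatibility" tab from file properties (context menu)
echo --- Remove "Program Compatibility" tab from file properties (context menu)
:: Machine policy under AppCompat: DisablePropPage = 1. This hides a property page and is
:: a UI change only, as far as this section shows.
reg add "HKLM\Software\Policies\Microsoft\Windows\AppCompat" /v "DisablePropPage" /t REG_DWORD /d "1" /f
:: ----------------------------------------------------------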
 
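:: Disable Steps Recorder (collects screenshots, mouse/keyboard input and UI data)
echo --- Disable Steps Recorder (collects screenshots, mouse/keyboard input and UI data)
:: Machine policy under AppCompat: DisableUAR = 1.
reg add "HKLM\Software\Policies\Microsoft\Windows\AppCompat" /v "DisableUAR" /t REG_DWORD /d "1" /f
:: ----------------------------------------------------------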
 
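:: ----------------------------------------------------------
:: ------------Disable "Inventory Collector" task------------
:: ----------------------------------------------------------
echo --- Disable "Inventory Collector" task
:: Machine policy under AppCompat: DisableInventory = 1. Only the policy value is written
:: here; no scheduled task is touched by this section.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "DisableInventory" /t REG_DWORD /d "1" /f
:: ----------------------------------------------------------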
 
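:: ----------------------------------------------------------
:: ----------Disable diagnostic and usage telemetry----------
:: ----------------------------------------------------------
echo --- Disable diagnostic and usage telemetry
:: AllowTelemetry = 0 is written to both DataCollection keys.
:: NOTE(review): Microsoft documents level 0 as honored only on Enterprise, Education and
:: Server editions; other editions are reported to fall back to the required level. Do not
:: assume telemetry is fully off on Home/Pro - verify on the target edition.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d "0" /f
:: ----------------------------------------------------------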
 
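:: ----------------------------------------------------------
:: -----Disable automatic cloud configuration downloads------
:: ----------------------------------------------------------
echo --- Disable automatic cloud configuration downloads
:: Machine policy under DataCollection: DisableOneSettingsDownloads = 1.
reg add "HKLM\Software\Policies\Microsoft\Windows\DataCollection" /v "DisableOneSettingsDownloads" /t REG_DWORD /d "1" /f
:: ----------------------------------------------------------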
 
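:: ----------------------------------------------------------
:: ----------------Disable license telemetry-----------------
:: ----------------------------------------------------------
echo --- Disable license telemetry
:: Machine policy NoGenTicket = 1 under the Software Protection Platform key. This
:: corresponds to the "Turn off KMS Client Online AVS Validation" policy.
:: NOTE(review): confirm the effect on activation in volume-licensed environments.
reg add "HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" /v "NoGenTicket" /t REG_DWORD /d "1" /f
:: ----------------------------------------------------------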
 
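:: ----------------------------------------------------------
:: -----------------Disable error reporting------------------
:: ----------------------------------------------------------
echo --- Disable error reporting
:: NOTE(review): with Windows Error Reporting off, the crash reports that troubleshooting
:: or incident response would normally draw on are no longer produced. On managed
:: endpoints, weigh this against the privacy gain before applying the section.

:: Disable Windows Error Reporting (WER): policy key and non-policy key.
reg add "HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t REG_DWORD /d "1" /f
:: WER consent: DefaultConsent = 1 and DefaultOverrideBehavior = 1.
:: NOTE(review): 1 is understood to be the "always ask before sending" consent level - confirm.
reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" /v "DefaultConsent" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" /v "DefaultOverrideBehavior" /t REG_DWORD /d "1" /f
:: Stop WER from sending second-level data and turn its logging off.
reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting" /v "DontSendAdditionalData" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting" /v "LoggingDisabled" /t REG_DWORD /d "1" /f

:: Disable scheduled task(s): `\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate`
:: The one-liner looks the task up with Get-ScheduledTask, skips when nothing matches or
:: the task is already disabled, otherwise calls Disable-ScheduledTask. It exits 1 when a
:: task could not be disabled; this batch file does not check that exit code.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\ErrorDetails\'; $taskNamePattern='EnableErrorDetailsUpdate'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\Windows Error Reporting\QueueReporting`
:: Same logic as the task above, applied to the QueueReporting task.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Windows Error Reporting\'; $taskNamePattern='QueueReporting'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"

:: Disable service(s): `wersvc`
:: The one-liner exits early when the service does not exist, stops it if it is running (a
:: failed stop is only a warning), exits early when the start type is already Disabled,
:: and otherwise sets the startup type to Disabled. Re-enabling later is a manual step.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'wersvc'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: Disable service(s): `wercplsupport`
:: Same logic as the service above, applied to wercplsupport.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'wercplsupport'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------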
 
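:: Disable active connectivity tests (breaks internet connection status, captive portals)
echo --- Disable active connectivity tests (breaks internet connection status, captive portals)
:: NCSI active probing is switched off in two places: the policy value NoActiveProbe = 1
:: and the NlaSvc parameter EnableActiveProbing = 0.
:: NOTE(review): without active probes Windows may report no internet access while
:: connected, and captive-portal sign-in pages may not open on their own. Software that
:: trusts the OS connectivity state can misbehave - test before a wide rollout.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator" /v "NoActiveProbe" /t REG_DWORD /d "1" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet" /v "EnableActiveProbing" /t REG_DWORD /d "0" /f
:: Suggest restarting computer for changes to take effect ($warn is $false, so the message
:: is printed as a blue "Note: " prefix followed by the text, not as a warning).
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart your computer.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------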
 
2114
 
2115
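:: Disable passive connectivity tests (breaks internet connection status)
:: Writes two machine-wide DWORDs: policy `DisablePassivePolling` = 1 and NlaSvc
:: `PassivePollPeriod` = 0. Both are HKLM writes and need the elevated session.
:: `reg add ... /f` overwrites silently; note the previous values if a revert is planned.
echo --- Disable passive connectivity tests (breaks internet connection status)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator!DisablePassivePolling"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator' /v 'DisablePassivePolling' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet!PassivePollPeriod"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet' /v 'PassivePollPeriod' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

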
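:: Remove "Network Connectivity Status Indicator (NCSI)" app (breaks internet connection status icon)
:: Four steps, each its own PowerShell call:
::   1. create an EndOfLife key for the current user's SID so the system app becomes removable
::   2. Remove-AppxPackage on the package returned by Get-AppxPackage
::   3. create a Deprovisioned key to block reinstall during Windows updates
::   4. delete the EndOfLife key again
:: The SID is resolved from $env:USERNAME of the elevated process and Get-AppxPackage runs
:: without -AllUsers, so only the account that elevated is affected; other profiles keep the app.
:: Nothing in this section removes the Deprovisioned key; a revert has to delete it by hand.
:: The batch file does not check exit codes, so steps 3 and 4 run even when step 2 fails.
echo --- Remove "Network Connectivity Status Indicator (NCSI)" app (breaks internet connection status icon)
:: Enable removal of system app 'NcsiUwpApp' by marking it as "EndOfLife"
:: Create "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife\$CURRENT_USER_SID\NcsiUwpApp_8wekyb3d8bbwe" registry key
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife\$CURRENT_USER_SID\NcsiUwpApp_8wekyb3d8bbwe'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; $userSid = (New-Object System.Security.Principal.NTAccount($env:USERNAME)).Translate([Security.Principal.SecurityIdentifier]).Value; $registryPath = $registryPath.Replace('$CURRENT_USER_SID', $userSid); if (Test-Path $registryPath) { Write-Host "^""Skipping, no action needed, registry path `"^""$registryPath`"^"" already exists."^""; exit 0; }; try { New-Item -Path $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully created the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to create the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Uninstall 'NcsiUwpApp' Store app
PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'NcsiUwpApp' | Remove-AppxPackage"
:: Mark 'NcsiUwpApp' as deprovisioned to block reinstall during Windows updates.
:: Create "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\NcsiUwpApp_8wekyb3d8bbwe" registry key
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\NcsiUwpApp_8wekyb3d8bbwe'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; if (Test-Path $registryPath) { Write-Host "^""Skipping, no action needed, registry path `"^""$registryPath`"^"" already exists."^""; exit 0; }; try { New-Item -Path $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully created the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to create the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife\$CURRENT_USER_SID\NcsiUwpApp_8wekyb3d8bbwe" (Revert 'NcsiUwpApp' to its default, non-removable state.)
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife\$CURRENT_USER_SID\NcsiUwpApp_8wekyb3d8bbwe'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; $userSid = (New-Object System.Security.Principal.NTAccount($env:USERNAME)).Translate([Security.Principal.SecurityIdentifier]).Value; $registryPath = $registryPath.Replace('$CURRENT_USER_SID', $userSid); Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------

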
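:: Block Microsoft connectivity check hosts (breaks internet connection status, captive portals)
:: Appends two lines per domain to the hosts file under SYSTEMROOT\System32\drivers\etc:
:: 0.0.0.0 for IPv4 and ::1 for IPv6, each tagged with the comment "managed by privacy.sexy".
:: That tag is the audit handle: searching the hosts file for it lists every entry added here.
:: The duplicate check is an exact substring match on "IP, tab, domain, #, comment", so an
:: existing entry written with different spacing is not recognised and a second line is added.
:: A failed read or append only logs Write-Error and moves on to the next entry; the batch file
:: does not check exit codes, so review the console output to confirm all twelve entries exist.
:: NOTE(review): the IPv6 entries point at loopback (::1) rather than the unspecified address,
:: so a request to these names reaches any local listener instead of failing outright.
echo --- Block Microsoft connectivity check hosts (breaks internet connection status, captive portals)
:: Add hosts entries for msftncsi.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='msftncsi.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for dns.msftncsi.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='dns.msftncsi.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for ipv6.msftncsi.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='ipv6.msftncsi.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for msftconnecttest.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='msftconnecttest.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for www.msftconnecttest.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='www.msftconnecttest.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: Add hosts entries for ipv6.msftconnecttest.com
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='ipv6.msftconnecttest.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: ----------------------------------------------------------

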
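:: Disable "Network Location Awareness (NLA)" service (breaks auto-reconnect, connectivity status, network identification)
:: The command maps 'Windows10-MostRecent' to build 10.0.19045 and exits 0 when the running
:: OS version (major.minor.build) is higher. Otherwise it stops the service if it is running
:: (Stop-Service -Force) and sets its startup type to Disabled with Set-Service.
:: A failed stop is only a warning; the startup type is still changed afterwards.
:: The PowerShell command must stay on one physical line: cmd.exe passes -Command as a single
:: quoted argument, and a line break inside it splits the script into two broken commands.
echo --- Disable "Network Location Awareness (NLA)" service (breaks auto-reconnect, connectivity status, network identification)
:: Disable service(s): `NlaSvc`
:: This operation will not run on Windows versions later than Windows10-MostRecent.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $serviceName = 'NlaSvc'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------

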
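:: Disable "Network List Service (NLS)" service (breaks connectivity status, network identification, network connection icon, connectivity with some Microsoft apps)
:: Same template as the other Set-Service based sections: the command maps
:: 'Windows10-MostRecent' to build 10.0.19045 and exits 0 on a higher OS version; otherwise it
:: stops `netprofm` if running (Stop-Service -Force) and sets its startup type to Disabled.
:: A failed stop is only a warning; the startup type is still changed afterwards.
:: The PowerShell command must stay on one physical line: cmd.exe passes -Command as a single
:: quoted argument, and a line break inside it splits the script into two broken commands.
echo --- Disable "Network List Service (NLS)" service (breaks connectivity status, network identification, network connection icon, connectivity with some Microsoft apps)
:: Disable service(s): `netprofm`
:: This operation will not run on Windows versions later than Windows10-MostRecent.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $serviceName = 'netprofm'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------

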
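:: ----------------------------------------------------------
:: ----------Disable update and app peer downloads-----------
:: ----------------------------------------------------------
:: Sets the Delivery Optimization download mode to 0 in four places: the machine policy,
:: the machine config key, the HKEY_USERS\S-1-5-20 hive and the current user's hive.
:: S-1-5-20 is the well-known SID of the NetworkService account.
:: HKCU here is the hive of the account that elevated the script; if elevation used a
:: different administrator account, the interactive user's own HKCU value is not changed.
echo --- Disable update and app peer downloads
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DODownloadMode"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization' /v 'DODownloadMode' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config!DODownloadMode"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config'; $data =  '0'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config' /v 'DODownloadMode' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings!DownloadMode"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings'; $data =  '0'; reg add 'HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings' /v 'DownloadMode' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization!SystemSettingsDownloadMode"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization'; $data =  '0'; reg add 'HKCU\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization' /v 'SystemSettingsDownloadMode' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

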
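:: Disable Delivery Optimization service (breaks Windows Update & Store downloads)
:: Writes Start = 4 to HKLM\SYSTEM\CurrentControlSet\Services\DoSvc instead of calling
:: Set-Service. Because $stopWithDependencies is $false the stop request is sent with NoWait,
:: so the "Stopped ... successfully" message means the request was issued, not that the
:: service has already reached the Stopped state.
:: The command exits 1 only when the registry write fails; every other path exits 0.
:: The PowerShell command must stay on one physical line: cmd.exe passes -Command as a single
:: quoted argument, and a line break inside it splits the script into two broken commands.
echo --- Disable Delivery Optimization service (breaks Windows Update ^& Store downloads)
:: Disable the service `DoSvc`
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceQuery = 'DoSvc'; $stopWithDependencies= $false; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""; Exit 0; }; $serviceName = $service.Name; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""; try { Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""; $stopParams = @{ Name = $ServiceName; Force = $true; ErrorAction = 'Stop'; }; if (-not $stopWithDependencies) { $stopParams['NoWait'] = $true; }; Stop-Service @stopParams; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { if ($_.FullyQualifiedErrorId -eq 'CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand') { Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""; } else { Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""; }; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if service info is not found in registry #>; $registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""; if (-Not (Test-Path $registryKey)) { Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""; Exit 0; }; <# -- 4. Skip if already disabled #>; if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) { Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""; Exit 0; }; <# -- 5. Disable service #>; try { Set-ItemProperty -LiteralPath $registryKey -Name "^""Start"^"" -Value 4 -ErrorAction Stop; Write-Host 'Successfully disabled the service. It will not start automatically on next boot.'; } catch { Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""; Exit 1; }"
:: ----------------------------------------------------------

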
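:: ----------------------------------------------------------
:: ------------Disable Windows Location Provider-------------
:: ----------------------------------------------------------
:: Writes the machine policy DWORD `DisableWindowsLocationProvider` = 1 under
:: HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors (elevated session required).
:: `reg add ... /f` overwrites an existing value without prompting.
echo --- Disable Windows Location Provider
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors!DisableWindowsLocationProvider"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors' /v 'DisableWindowsLocationProvider' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

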
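:: ----------------------------------------------------------
:: ----------------Disable location scripting----------------
:: ----------------------------------------------------------
:: Writes the machine policy DWORD `DisableLocationScripting` = 1 under
:: HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors (elevated session required).
:: `reg add ... /f` overwrites an existing value without prompting.
echo --- Disable location scripting
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors!DisableLocationScripting"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors' /v 'DisableLocationScripting' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

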
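:: ----------------------------------------------------------
:: ---------------------Disable location---------------------
:: ----------------------------------------------------------
:: Three machine-wide writes: policy DWORD `DisableLocation` = 1, and under the sensor
:: override key {BFA794E4-F964-4FDB-90F6-51056BFE4B44} the string `Value` = Deny and the
:: DWORD `SensorPermissionState` = 0. All are HKLM and need the elevated session.
:: `reg add ... /f` overwrites existing values without prompting.
echo --- Disable location
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors!DisableLocation"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors' /v 'DisableLocation' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}!Value"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}'; $data =  'Deny'; reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}' /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}!SensorPermissionState"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}'; $data =  '0'; reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}' /v 'SensorPermissionState' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

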
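:: ----------------------------------------------------------
:: -----------Disable search's access to location------------
:: ----------------------------------------------------------
echo --- Disable search's access to location
:: Two writes, one per scope: the machine-wide policy (HKLM, Policies hive) and
:: the current user's own setting (HKCU). Both carry 0 so that search is denied
:: location at both levels; a 1 in the HKCU "Allow..." value would contradict
:: this section's purpose and leave the per-user setting switched on.
:: `reg add ... /f` overwrites an existing value without prompting, and the exit
:: status is not checked, so a failed write only shows in the console output.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowSearchToUseLocation"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search' /v 'AllowSearchToUseLocation' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search!AllowSearchToUseLocation"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search'; $data =  '0'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search' /v 'AllowSearchToUseLocation' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
:: (the line below only prints the note; it does not restart anything)
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------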
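:: ----------------------------------------------------------
:: -Disable local search history (breaks recent suggestions)-
:: ----------------------------------------------------------
echo --- Disable local search history (breaks recent suggestions)
:: Two writes: the machine-wide policy DisableSearchHistory = 1 (HKLM) and the
:: current user's IsDeviceSearchHistoryEnabled = 0 (HKCU). The value names have
:: opposite polarity ("Disable..." versus "Is...Enabled"), so the data differs:
:: writing 1 to the HKCU value would switch device search history on for the
:: user, which is the opposite of what this section announces.
:: The exit status of `reg add` is not checked; a failed write only shows in
:: the console output.
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows\Explorer!DisableSearchHistory"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows\Explorer'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows\Explorer' /v 'DisableSearchHistory' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\Software\Microsoft\Windows\CurrentVersion\SearchSettings!IsDeviceSearchHistoryEnabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\SearchSettings'; $data =  '0'; reg add 'HKCU\Software\Microsoft\Windows\CurrentVersion\SearchSettings' /v 'IsDeviceSearchHistoryEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
:: (the line below only prints the note; it does not restart anything)
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------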
:: ----------------------------------------------------------
:: ---Disable sharing personal search data with Microsoft----
:: ----------------------------------------------------------
echo --- Disable sharing personal search data with Microsoft
:: Writes one machine-wide policy value (HKLM, Policies hive) with data 3.
:: NOTE(review): the meaning of 3 is not stated in this file; presumably it is
:: the most restrictive level of this policy - confirm against the Windows
:: Search policy documentation before relying on it.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchPrivacy"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search'; $data =  '3'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search' /v 'ConnectedSearchPrivacy' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
:: (the line below only prints the note; it does not restart anything)
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -----Disable personal cloud content search in taskbar-----
:: ----------------------------------------------------------
echo --- Disable personal cloud content search in taskbar
:: Per-user only: both values live under HKCU and no machine-wide policy is
:: written in this section, so other accounts on the machine are unchanged.
:: NOTE(review): the script runs elevated, so HKCU is the hive of the account
:: the elevated process runs as; if elevation used a different administrator
:: account, the signed-in user's settings are not the ones changed - verify.
:: NOTE(review): MSA and AAD presumably stand for personal Microsoft account
:: and work or school (Azure AD) account - confirm.
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings!IsMSACloudSearchEnabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings'; $data =  '0'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings' /v 'IsMSACloudSearchEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings!IsAADCloudSearchEnabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings'; $data =  '0'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings' /v 'IsAADCloudSearchEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
:: (the line below only prints the note; it does not restart anything)
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -------Disable ad customization with Advertising ID-------
:: ----------------------------------------------------------
echo --- Disable ad customization with Advertising ID
:: Turns the advertising ID off at two levels: the current user's own switch
:: (HKCU, Enabled = 0) and a machine-wide policy (HKLM, DisabledByGroupPolicy = 1).
:: `$registryPath` is assigned in each command but never read; the path literal
:: passed to `reg add` is the one to check when auditing these lines.
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo!Enabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo'; $data =  '0'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo!DisabledByGroupPolicy"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo' /v 'DisabledByGroupPolicy' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: --------Disable suggested content in Settings app---------
:: ----------------------------------------------------------
echo --- Disable suggested content in Settings app
:: Sets three SubscribedContent-<id>Enabled values to 0 for the current user
:: (HKCU only; no machine-wide policy is written in this section).
:: NOTE(review): the numeric content ids are not explained in this file;
:: confirm which Settings suggestions each one controls before auditing.
:: Set the registry value: "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager!SubscribedContent-338393Enabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager'; $data =  '0'; reg add 'HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' /v 'SubscribedContent-338393Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager!SubscribedContent-353694Enabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager'; $data =  '0'; reg add 'HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' /v 'SubscribedContent-353694Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager!SubscribedContent-353696Enabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager'; $data =  '0'; reg add 'HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' /v 'SubscribedContent-353696Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ----------------Disable use of biometrics-----------------
:: ----------------------------------------------------------
echo --- Disable use of biometrics
:: Writes the machine-wide Biometrics policy value Enabled = 0 (HKLM, Policies hive).
:: NOTE(review): this is an authentication trade-off, not only a privacy one.
:: With the policy at 0, face and fingerprint sign-in are presumably unavailable
:: to every account on the machine and users fall back to PIN or password -
:: confirm that is intended before deploying.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Biometrics!Enabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Biometrics'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Biometrics' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -----------------Disable biometric logon------------------
:: ----------------------------------------------------------
echo --- Disable biometric logon
:: Writes Enabled = 0 under the Biometrics "Credential Provider" policy key
:: (HKLM, Policies hive), i.e. a machine-wide setting.
:: NOTE(review): judging by the key name this removes biometrics as a sign-in
:: option at the logon screen; make sure every account has a working PIN or
:: password before applying - confirm on a test machine.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider!Enabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -----------Disable "Windows Biometric Service"------------
:: ----------------------------------------------------------
echo --- Disable "Windows Biometric Service"
:: Disable service(s): `WbioSrvc`
:: Flow of the inline PowerShell (see its own step comments): exit 0 if the
:: service does not exist, stop it if it is running (a failed stop only warns),
:: exit 0 if it is already disabled, otherwise set its startup type to Disabled.
:: The previous startup type is not recorded anywhere, so note it beforehand if
:: the change may need to be reverted.
:: NOTE(review): biometric sign-in (face or fingerprint) presumably depends on
:: this service; expect users to fall back to PIN or password - confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'WbioSrvc'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ------------Disable "Windows Insider Service"-------------
:: ----------------------------------------------------------
echo --- Disable "Windows Insider Service"
:: Disable service(s): `wisvc`
:: Flow of the inline PowerShell (see its own step comments): exit 0 if the
:: service does not exist, stop it if it is running (a failed stop only warns),
:: exit 0 if it is already disabled, otherwise set its startup type to Disabled.
:: The previous startup type is not recorded anywhere, so note it beforehand if
:: the change may need to be reverted.
:: NOTE(review): presumably only Windows Insider Program enrolment depends on
:: this service - confirm before disabling on machines that take preview builds.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'wisvc'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -------------Disable Microsoft feature trials-------------
:: ----------------------------------------------------------
echo --- Disable Microsoft feature trials
:: Three machine-wide writes (HKLM), all with data 0. The first two go to the
:: PreviewBuilds key in the Policies hive; the third goes to a different tree
:: (PolicyManager\default), so an audit or revert has to cover both locations.
:: The exit status of `reg add` is not checked after any of them.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds!EnableExperimentation"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds' /v 'EnableExperimentation' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds!EnableConfigFlighting"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds' /v 'EnableConfigFlighting' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\System\AllowExperimentation!value"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\System\AllowExperimentation'; $data =  '0'; reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\System\AllowExperimentation' /v 'value' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: --------Disable receipt of Windows preview builds---------
:: ----------------------------------------------------------
echo --- Disable receipt of Windows preview builds
:: Writes the machine-wide policy value AllowBuildPreview = 0 (HKLM, Policies
:: hive). `reg add ... /f` overwrites any existing value without prompting.
:: NOTE(review): on domain-joined machines a Group Policy refresh may rewrite
:: values under the Policies hive - verify the value persists where that applies.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds!AllowBuildPreview"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds' /v 'AllowBuildPreview' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ------Remove "Windows Insider Program" from Settings------
:: ----------------------------------------------------------
echo --- Remove "Windows Insider Program" from Settings
:: Writes HideInsiderPage = 1 machine-wide (HKLM).
:: NOTE(review): judging by the key path (UI\Visibility) this only hides the
:: Settings page; it should not be read as blocking preview builds by itself -
:: confirm, and rely on the preview-build policy values for enforcement.
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\WindowsSelfHost\UI\Visibility!HideInsiderPage"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\WindowsSelfHost\UI\Visibility'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\WindowsSelfHost\UI\Visibility' /v 'HideInsiderPage' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -----------Disable all settings synchronization-----------
:: ----------------------------------------------------------
echo --- Disable all settings synchronization
:: Four machine-wide policy values under the SettingSync key (HKLM, Policies
:: hive): DisableSettingSync = 2, DisableSettingSyncUserOverride = 1,
:: DisableSyncOnPaidNetwork = 1 and SyncPolicy = 5.
:: NOTE(review): the encodings of 2 and 5 are not explained in this file;
:: presumably 2 means "sync off" and UserOverride = 1 stops users re-enabling
:: it - confirm against the SettingSync policy definitions.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisableSettingSync"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisableSettingSync' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisableSettingSyncUserOverride"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisableSettingSyncUserOverride' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisableSyncOnPaidNetwork"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisableSyncOnPaidNetwork' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!SyncPolicy"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '5'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'SyncPolicy' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ------Disable "Application" setting synchronization-------
:: ----------------------------------------------------------
echo --- Disable "Application" setting synchronization
:: Policy pair for the "Application" sync group, both machine-wide (HKLM,
:: Policies hive): the Disable... value is set to 2 and its UserOverride
:: companion to 1.
:: NOTE(review): the meaning of 2 and of UserOverride = 1 is not explained in
:: this file - confirm against the SettingSync policy definitions.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisableApplicationSettingSync"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisableApplicationSettingSync' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisableApplicationSettingSyncUserOverride"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisableApplicationSettingSyncUserOverride' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: --------Disable "App Sync" setting synchronization--------
:: ----------------------------------------------------------
echo --- Disable "App Sync" setting synchronization
:: Policy pair for the "App Sync" group, both machine-wide (HKLM, Policies
:: hive): DisableAppSyncSettingSync = 2 and its UserOverride companion = 1.
:: The exit status of `reg add` is not checked, so a failed write only shows
:: in the console output.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisableAppSyncSettingSync"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisableAppSyncSettingSync' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisableAppSyncSettingSyncUserOverride"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisableAppSyncSettingSyncUserOverride' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ------Disable "Credentials" setting synchronization-------
:: ----------------------------------------------------------
echo --- Disable "Credentials" setting synchronization
:: Three writes: the machine-wide policy pair (HKLM, Policies hive:
:: DisableCredentialsSettingSync = 2, UserOverride = 1) and the current user's
:: own sync-group switch (HKCU, Groups\Credentials, Enabled = 0).
:: NOTE(review): presumably this keeps saved credentials from being roamed to
:: other devices through the signed-in account; credentials already synced
:: elsewhere are not removed by anything in this section - confirm.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisableCredentialsSettingSync"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisableCredentialsSettingSync' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisableCredentialsSettingSyncUserOverride"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisableCredentialsSettingSyncUserOverride' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Credentials!Enabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Credentials'; $data =  '0'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Credentials' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -----Disable "Desktop Theme" setting synchronization------
:: ----------------------------------------------------------
echo --- Disable "Desktop Theme" setting synchronization
:: Policy pair for the "Desktop Theme" group, both machine-wide (HKLM,
:: Policies hive): DisableDesktopThemeSettingSync = 2 and its UserOverride
:: companion = 1. `reg add ... /f` overwrites existing values without prompting.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisableDesktopThemeSettingSync"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisableDesktopThemeSettingSync' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisableDesktopThemeSettingSyncUserOverride"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisableDesktopThemeSettingSyncUserOverride' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ----Disable "Personalization" setting synchronization-----
:: ----------------------------------------------------------
echo --- Disable "Personalization" setting synchronization
:: Policy pair for the "Personalization" group, both machine-wide (HKLM,
:: Policies hive): DisablePersonalizationSettingSync = 2 and its UserOverride
:: companion = 1. The exit status of `reg add` is not checked.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisablePersonalizationSettingSync"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisablePersonalizationSettingSync' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisablePersonalizationSettingSyncUserOverride"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisablePersonalizationSettingSyncUserOverride' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ------Disable "Start Layout" setting synchronization------
:: ----------------------------------------------------------
echo --- Disable "Start Layout" setting synchronization
:: Policy pair for the "Start Layout" group, both machine-wide (HKLM, Policies
:: hive): DisableStartLayoutSettingSync = 2 and its UserOverride companion = 1.
:: `$registryPath` is assigned in each command but never read; the literal
:: passed to `reg add` is the path that is actually written.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisableStartLayoutSettingSync"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisableStartLayoutSettingSync' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisableStartLayoutSettingSyncUserOverride"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisableStartLayoutSettingSyncUserOverride' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ------Disable "Web Browser" setting synchronization-------
:: ----------------------------------------------------------
echo --- Disable "Web Browser" setting synchronization
:: Policy pair for the "Web Browser" group, both machine-wide (HKLM, Policies
:: hive): DisableWebBrowserSettingSync = 2 and its UserOverride companion = 1.
:: NOTE(review): this is the Windows SettingSync policy only; sync features
:: built into individual browsers are presumably not affected - confirm.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisableWebBrowserSettingSync"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisableWebBrowserSettingSync' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisableWebBrowserSettingSyncUserOverride"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisableWebBrowserSettingSyncUserOverride' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: --------Disable "Windows" setting synchronization---------
:: ----------------------------------------------------------
echo --- Disable "Windows" setting synchronization
:: Policy pair for the "Windows" group, both machine-wide (HKLM, Policies
:: hive): DisableWindowsSettingSync = 2 and its UserOverride companion = 1.
:: NOTE(review): on domain-joined machines a Group Policy refresh may rewrite
:: values under the Policies hive - verify the values persist where that applies.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisableWindowsSettingSync"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisableWindowsSettingSync' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync!DisableWindowsSettingSyncUserOverride"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync' /v 'DisableWindowsSettingSyncUserOverride' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: --------Disable "Language" setting synchronization--------
:: ----------------------------------------------------------
echo --- Disable "Language" setting synchronization
:: Per-user only: sets Enabled = 0 in the current user's Language sync group
:: (HKCU). Unlike the other sync groups in this script, no machine-wide policy
:: value is written for Language here, so other accounts are unchanged and the
:: user can presumably switch it back on in Settings - confirm.
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Language!Enabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Language'; $data =  '0'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Language' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ---------Disable app access to "Documents" folder---------
:: ----------------------------------------------------------
echo --- Disable app access to "Documents" folder
:: Disable app capability (documentsLibrary) using user privacy settings
:: The value is written under HKLM, so this is the machine-wide consent entry
:: for the capability: a REG_SZ named Value with data Deny.
:: NOTE(review): no HKCU ConsentStore entry is touched here; whether existing
:: per-user or per-app grants still apply should be verified on a test machine.
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\documentsLibrary!Value"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\documentsLibrary'; $data =  'Deny'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\documentsLibrary' /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ---------Disable app access to "Pictures" folder----------
:: ----------------------------------------------------------
echo --- Disable app access to "Pictures" folder
:: Disable app capability (picturesLibrary) using user privacy settings
:: Written under HKLM (machine-wide consent entry): REG_SZ Value = Deny.
:: NOTE(review): only the HKLM entry is set; per-user ConsentStore entries
:: under HKCU are not touched in this section - verify the effective result.
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\picturesLibrary!Value"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\picturesLibrary'; $data =  'Deny'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\picturesLibrary' /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ----------Disable app access to "Videos" folder-----------
:: ----------------------------------------------------------
echo --- Disable app access to "Videos" folder
:: Disable app capability (videosLibrary) using user privacy settings
:: Written under HKLM (machine-wide consent entry): REG_SZ Value = Deny.
:: The exit status of `reg add` is not checked, so a failed write only shows
:: in the console output.
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\videosLibrary!Value"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\videosLibrary'; $data =  'Deny'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\videosLibrary' /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -----------Disable app access to "Music" folder-----------
:: ----------------------------------------------------------
echo --- Disable app access to "Music" folder
:: Disable app capability (musicLibrary) using user privacy settings
:: Written under HKLM (machine-wide consent entry): REG_SZ Value = Deny.
:: `reg add ... /f` overwrites an existing value without prompting; the
:: previous data is not saved, so record it first if a revert may be needed.
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\musicLibrary!Value"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\musicLibrary'; $data =  'Deny'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\musicLibrary' /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -----------Disable app access to personal files-----------
:: ----------------------------------------------------------
echo --- Disable app access to personal files
:: Disable app capability (broadFileSystemAccess) using user privacy settings
:: Written under HKLM (machine-wide consent entry): REG_SZ Value = Deny.
:: NOTE(review): this is the capability-consent setting for apps that declare
:: broadFileSystemAccess; it presumably does not restrict classic desktop
:: programs, which do not go through this consent store - confirm before
:: treating it as a file-access control.
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess!Value"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess'; $data =  'Deny'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess' /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
2528
 
2529
 
2530
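:: ----------------------------------------------------------
:: ------------Disable app access to call history------------
:: ----------------------------------------------------------
echo --- Disable app access to call history
:: Disable app access (LetAppsAccessCallHistory) using GPO (re-activation through GUI is not possible)
:: Data 2 is the "Force Deny" setting of this AppPrivacy policy (0 = user in control, 1 = force allow).
:: NOTE(review): on domain-joined machines, values under HKLM\SOFTWARE\Policies can be rewritten at Group Policy
::   refresh; confirm the effective value afterwards with reg query.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessCallHistory"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessCallHistory' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: The three per-app lists below are REG_MULTI_SZ values written with data '\0'.
:: NOTE(review): presumably this leaves each list empty so that no package is exempted from the deny; confirm with reg query.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessCallHistory_UserInControlOfTheseApps"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '\0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessCallHistory_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessCallHistory_ForceAllowTheseApps"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '\0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessCallHistory_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessCallHistory_ForceDenyTheseApps"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '\0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessCallHistory_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Disable app capability (phoneCallHistory) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\phoneCallHistory!Value"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\phoneCallHistory'; $data =  'Deny'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\phoneCallHistory' /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Disable app access ({8BC668CF-7728-45BD-93F8-CF2B3B41D7AB}) in older Windows versions (before 1903)
:: NOTE(review): HKCU resolves to the hive of the account running this elevated script. If elevation used a different
::   administrator account, the signed-in user's hive is left unchanged; check it from that user's own session.
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{8BC668CF-7728-45BD-93F8-CF2B3B41D7AB}!Value"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{8BC668CF-7728-45BD-93F8-CF2B3B41D7AB}'; $data =  'Deny'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{8BC668CF-7728-45BD-93F8-CF2B3B41D7AB}' /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

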
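:: Disable app access to phone calls (breaks phone calls through Phone Link)
echo --- Disable app access to phone calls (breaks phone calls through Phone Link)
:: Disable app access (LetAppsAccessPhone) using GPO (re-activation through GUI is not possible)
:: Data 2 is the "Force Deny" setting of this AppPrivacy policy (0 = user in control, 1 = force allow).
:: NOTE(review): on domain-joined machines, values under HKLM\SOFTWARE\Policies can be rewritten at Group Policy
::   refresh; confirm the effective value afterwards with reg query.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessPhone"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessPhone' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: The three per-app lists below are REG_MULTI_SZ values written with data '\0'.
:: NOTE(review): presumably this leaves each list empty so that no package is exempted from the deny; confirm with reg query.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessPhone_UserInControlOfTheseApps"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '\0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessPhone_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessPhone_ForceAllowTheseApps"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '\0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessPhone_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessPhone_ForceDenyTheseApps"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '\0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessPhone_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Disable app capability (phoneCall) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\phoneCall!Value"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\phoneCall'; $data =  'Deny'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\phoneCall' /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

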
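:: ----------------------------------------------------------
:: -------Disable app access to messaging (SMS / MMS)--------
:: ----------------------------------------------------------
echo --- Disable app access to messaging (SMS / MMS)
:: Disable app access (LetAppsAccessMessaging) using GPO (re-activation through GUI is not possible)
:: Data 2 is the "Force Deny" setting of this AppPrivacy policy (0 = user in control, 1 = force allow).
:: NOTE(review): on domain-joined machines, values under HKLM\SOFTWARE\Policies can be rewritten at Group Policy
::   refresh; confirm the effective value afterwards with reg query.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessMessaging"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessMessaging' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: The three per-app lists below are REG_MULTI_SZ values written with data '\0'.
:: NOTE(review): presumably this leaves each list empty so that no package is exempted from the deny; confirm with reg query.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessMessaging_UserInControlOfTheseApps"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '\0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessMessaging_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessMessaging_ForceAllowTheseApps"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '\0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessMessaging_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessMessaging_ForceDenyTheseApps"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '\0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsAccessMessaging_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Disable app capability (chat) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\chat!Value"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\chat'; $data =  'Deny'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\chat' /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: NOTE(review): the two HKCU writes below land in the hive of the account running this elevated script. If elevation
::   used a different administrator account, the signed-in user's hive is left unchanged; check it from that user's session.
:: Disable app access ({992AFA70-6F47-4148-B3E9-3003349C1548}) in older Windows versions (before 1903)
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{992AFA70-6F47-4148-B3E9-3003349C1548}!Value"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{992AFA70-6F47-4148-B3E9-3003349C1548}'; $data =  'Deny'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{992AFA70-6F47-4148-B3E9-3003349C1548}' /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Disable app access ({21157C1F-2651-4CC1-90CA-1F28B02263F6}) in older Windows versions (before 1903)
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{21157C1F-2651-4CC1-90CA-1F28B02263F6}!Value"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{21157C1F-2651-4CC1-90CA-1F28B02263F6}'; $data =  'Deny'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{21157C1F-2651-4CC1-90CA-1F28B02263F6}' /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

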
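:: ----------------------------------------------------------
:: ------Disable app access to paired Bluetooth devices------
:: ----------------------------------------------------------
echo --- Disable app access to paired Bluetooth devices
:: Disable app capability (bluetooth) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\bluetooth!Value"
:: Writes the machine-wide (HKLM) consent value "Deny" as REG_SZ; /f overwrites an existing value without prompting.
:: NOTE(review): $registryPath is assigned but never read; reg.exe is given the literal key path.
:: NOTE(review): nothing checks ERRORLEVEL after this command. Verify the result with:
::   reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\bluetooth" /v Value
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\bluetooth'; $data =  'Deny'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\bluetooth' /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

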
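:: ----------------------------------------------------------
:: -----Disable app access to unpaired Bluetooth devices-----
:: ----------------------------------------------------------
echo --- Disable app access to unpaired Bluetooth devices
:: Disable app capability (bluetoothSync) using user privacy settings
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\bluetoothSync!Value"
:: Writes the machine-wide (HKLM) consent value "Deny" as REG_SZ; /f overwrites an existing value without prompting.
:: NOTE(review): $registryPath is assigned but never read; reg.exe is given the literal key path.
:: NOTE(review): nothing checks ERRORLEVEL after this command. Verify the result with:
::   reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\bluetoothSync" /v Value
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\bluetoothSync'; $data =  'Deny'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\bluetoothSync' /v 'Value' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

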
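:: ----------------------------------------------------------
:: ----------Disable app access to voice activation----------
:: ----------------------------------------------------------
echo --- Disable app access to voice activation
:: Disable app access (LetAppsActivateWithVoice) using GPO (re-activation through GUI is not possible)
:: Data 2 is the "Force Deny" setting of this AppPrivacy policy (0 = user in control, 1 = force allow).
:: NOTE(review): on domain-joined machines, values under HKLM\SOFTWARE\Policies can be rewritten at Group Policy
::   refresh; confirm the effective value afterwards with reg query.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsActivateWithVoice"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsActivateWithVoice' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: The three per-app lists below are REG_MULTI_SZ values written with data '\0'.
:: NOTE(review): presumably this leaves each list empty so that no package is exempted from the deny; confirm with reg query.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsActivateWithVoice_UserInControlOfTheseApps"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '\0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsActivateWithVoice_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsActivateWithVoice_ForceAllowTheseApps"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '\0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsActivateWithVoice_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsActivateWithVoice_ForceDenyTheseApps"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '\0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsActivateWithVoice_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: NOTE(review): HKCU resolves to the hive of the account running this elevated script. If elevation used a different
::   administrator account, the signed-in user's AgentActivationEnabled value is left unchanged.
:: Set the registry value: "HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps!AgentActivationEnabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps'; $data =  '0'; reg add 'HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps' /v 'AgentActivationEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

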
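:: ----------------------------------------------------------
:: -Disable app access to voice activation on locked system--
:: ----------------------------------------------------------
echo --- Disable app access to voice activation on locked system
:: Disable app access (LetAppsActivateWithVoiceAboveLock) using GPO (re-activation through GUI is not possible)
:: Data 2 is the "Force Deny" setting of this AppPrivacy policy (0 = user in control, 1 = force allow).
:: NOTE(review): on domain-joined machines, values under HKLM\SOFTWARE\Policies can be rewritten at Group Policy
::   refresh; confirm the effective value afterwards with reg query.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsActivateWithVoiceAboveLock"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsActivateWithVoiceAboveLock' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: The three per-app lists below are REG_MULTI_SZ values written with data '\0'.
:: NOTE(review): presumably this leaves each list empty so that no package is exempted from the deny; confirm with reg query.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsActivateWithVoiceAboveLock_UserInControlOfTheseApps"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '\0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsActivateWithVoiceAboveLock_UserInControlOfTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsActivateWithVoiceAboveLock_ForceAllowTheseApps"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '\0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsActivateWithVoiceAboveLock_ForceAllowTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy!LetAppsActivateWithVoiceAboveLock_ForceDenyTheseApps"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; $data =  '\0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' /v 'LetAppsActivateWithVoiceAboveLock_ForceDenyTheseApps' /t 'REG_MULTI_SZ' /d "^""$data"^"" /f"
:: NOTE(review): HKCU resolves to the hive of the account running this elevated script. If elevation used a different
::   administrator account, the signed-in user's AgentActivationOnLockScreenEnabled value is left unchanged.
:: Set the registry value: "HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps!AgentActivationOnLockScreenEnabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps'; $data =  '0'; reg add 'HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps' /v 'AgentActivationOnLockScreenEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

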
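:: Disable automatic Software Quality Metrics (SQM) data transmission
echo --- Disable automatic Software Quality Metrics (SQM) data transmission
:: Disable scheduled task(s): `\Microsoft\Windows\Autochk\Proxy`
:: The lookup uses -ErrorAction Ignore and the "no tasks" branch exits 0, so a missing task is reported as a skip, not an error.
:: The command exits 1 when Disable-ScheduledTask throws.
:: NOTE(review): no ERRORLEVEL check follows, so the batch script continues either way; read the console output.
:: -ExecutionPolicy Unrestricted is passed on the command line, so it is scoped to this one PowerShell process.
:: NOTE(review): Windows servicing may re-enable tasks under \Microsoft\Windows\; re-check the task State with
::   Get-ScheduledTask -TaskPath '\Microsoft\Windows\Autochk\' -TaskName 'Proxy' after feature updates.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Autochk\'; $taskNamePattern='Proxy'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------

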
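:: ----------------------------------------------------------
:: -Disable kernel-level customer experience data collection-
:: ----------------------------------------------------------
echo --- Disable kernel-level customer experience data collection
:: Disable scheduled task(s): `\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask`
:: The lookup uses -ErrorAction Ignore and the "no tasks" branch exits 0, so a missing task is reported as a skip, not an error.
:: The command exits 1 when Disable-ScheduledTask throws.
:: NOTE(review): no ERRORLEVEL check follows, so the batch script continues either way; read the console output.
:: NOTE(review): Windows servicing may re-enable tasks under \Microsoft\Windows\; re-check the task State with
::   Get-ScheduledTask after feature updates.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Customer Experience Improvement Program\'; $taskNamePattern='KernelCeipTask'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------

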
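:: ----------------------------------------------------------
:: ---------Disable Bluetooth usage data collection----------
:: ----------------------------------------------------------
echo --- Disable Bluetooth usage data collection
:: Disable scheduled task(s): `\Microsoft\Windows\Customer Experience Improvement Program\BthSQM`
:: The lookup uses -ErrorAction Ignore and the "no tasks" branch exits 0, so a missing task is reported as a skip, not an error.
:: The command exits 1 when Disable-ScheduledTask throws.
:: NOTE(review): no ERRORLEVEL check follows, so the batch script continues either way; read the console output.
:: NOTE(review): Windows servicing may re-enable tasks under \Microsoft\Windows\; re-check the task State with
::   Get-ScheduledTask after feature updates.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Customer Experience Improvement Program\'; $taskNamePattern='BthSQM'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------

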
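:: ----------------------------------------------------------
:: ---------Disable disk diagnostic data collection----------
:: ----------------------------------------------------------
echo --- Disable disk diagnostic data collection
:: Disable scheduled task(s): `\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector`
:: The lookup uses -ErrorAction Ignore and the "no tasks" branch exits 0, so a missing task is reported as a skip, not an error.
:: The command exits 1 when Disable-ScheduledTask throws.
:: NOTE(review): no ERRORLEVEL check follows, so the batch script continues either way; read the console output.
:: NOTE(review): Windows servicing may re-enable tasks under \Microsoft\Windows\; re-check the task State with
::   Get-ScheduledTask after feature updates.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\DiskDiagnostic\'; $taskNamePattern='Microsoft-Windows-DiskDiagnosticDataCollector'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------

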
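:: ----------------------------------------------------------
:: --------Disable disk diagnostic user notifications--------
:: ----------------------------------------------------------
echo --- Disable disk diagnostic user notifications
:: Disable scheduled task(s): `\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver`
:: NOTE(review): going by the section title, this task is what surfaces disk diagnostic warnings to the user. With it
::   disabled, a failing disk may no longer raise a notification, so monitor disk health by other means.
:: The lookup uses -ErrorAction Ignore and the "no tasks" branch exits 0, so a missing task is reported as a skip, not an error.
:: The command exits 1 when Disable-ScheduledTask throws.
:: NOTE(review): no ERRORLEVEL check follows, so the batch script continues either way; read the console output.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\DiskDiagnostic\'; $taskNamePattern='Microsoft-Windows-DiskDiagnosticResolver'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------

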
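:: ----------------------------------------------------------
:: ---------------Disable USB data collection----------------
:: ----------------------------------------------------------
echo --- Disable USB data collection
:: Disable scheduled task(s): `\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip`
:: The lookup uses -ErrorAction Ignore and the "no tasks" branch exits 0, so a missing task is reported as a skip, not an error.
:: The command exits 1 when Disable-ScheduledTask throws.
:: NOTE(review): no ERRORLEVEL check follows, so the batch script continues either way; read the console output.
:: NOTE(review): Windows servicing may re-enable tasks under \Microsoft\Windows\; re-check the task State with
::   Get-ScheduledTask after feature updates.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Customer Experience Improvement Program\'; $taskNamePattern='UsbCeip'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------

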
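:: ----------------------------------------------------------
:: ------Disable customer experience data consolidation------
:: ----------------------------------------------------------
echo --- Disable customer experience data consolidation
:: Disable scheduled task(s): `\Microsoft\Windows\Customer Experience Improvement Program\Consolidator`
:: The lookup uses -ErrorAction Ignore and the "no tasks" branch exits 0, so a missing task is reported as a skip, not an error.
:: The command exits 1 when Disable-ScheduledTask throws.
:: NOTE(review): no ERRORLEVEL check follows, so the batch script continues either way; read the console output.
:: NOTE(review): Windows servicing may re-enable tasks under \Microsoft\Windows\; re-check the task State with
::   Get-ScheduledTask after feature updates.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Customer Experience Improvement Program\'; $taskNamePattern='Consolidator'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------

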
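:: ----------------------------------------------------------
:: ---------Disable customer experience data uploads---------
:: ----------------------------------------------------------
echo --- Disable customer experience data uploads
:: Disable scheduled task(s): `\Microsoft\Windows\Customer Experience Improvement Program\Uploader`
:: The lookup uses -ErrorAction Ignore and the "no tasks" branch exits 0, so a missing task is reported as a skip, not an error.
:: NOTE(review): a skip therefore does not prove the upload path is closed, only that no task with this exact name exists.
:: The command exits 1 when Disable-ScheduledTask throws.
:: NOTE(review): no ERRORLEVEL check follows, so the batch script continues either way; read the console output.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Customer Experience Improvement Program\'; $taskNamePattern='Uploader'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------

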
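:: ----------------------------------------------------------
:: ----Disable server customer experience data assistant-----
:: ----------------------------------------------------------
echo --- Disable server customer experience data assistant
:: Disable scheduled task(s): `\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant`
:: NOTE(review): the \Server\ task folder is presumably present only on Windows Server; elsewhere expect the skip branch.
:: The lookup uses -ErrorAction Ignore and the "no tasks" branch exits 0, so a missing task is reported as a skip, not an error.
:: The command exits 1 when Disable-ScheduledTask throws.
:: NOTE(review): no ERRORLEVEL check follows, so the batch script continues either way; read the console output.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Customer Experience Improvement Program\Server\'; $taskNamePattern='ServerCeipAssistant'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------

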
:: ----------------------------------------------------------
2730
:: ---------Disable server role telemetry collection---------
2731
:: ----------------------------------------------------------
2732
echo --- Disable server role telemetry collection
2733
:: Disable scheduled task(s): `\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector`
:: The inline PowerShell looks up ServerRoleCollector with Get-ScheduledTask (-ErrorAction Ignore),
:: prints "Skipping" and exits 0 when nothing matches, skips tasks already in the Disabled state,
:: and otherwise calls Disable-ScheduledTask; a failure is reported with Write-Error and ends in exit 1.
:: NOTE(review): nothing on this line tests the PowerShell exit code, so the batch script continues after a failure.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Customer Experience Improvement Program\Server\'; $taskNamePattern='ServerRoleCollector'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Disable server role usage data collection---------
:: ----------------------------------------------------------
echo --- Disable server role usage data collection
:: Disable scheduled task(s): `\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector`
:: The inline PowerShell looks up ServerRoleUsageCollector with Get-ScheduledTask (-ErrorAction Ignore),
:: prints "Skipping" and exits 0 when nothing matches, skips tasks already in the Disabled state,
:: and otherwise calls Disable-ScheduledTask; a failure is reported with Write-Error and ends in exit 1.
:: NOTE(review): nothing on this line tests the PowerShell exit code, so the batch script continues after a failure.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Customer Experience Improvement Program\Server\'; $taskNamePattern='ServerRoleUsageCollector'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: Disable daily compatibility data collection ("Microsoft Compatibility Appraiser" task)
echo --- Disable daily compatibility data collection ("Microsoft Compatibility Appraiser" task)
:: Disable scheduled task(s): `\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser`
:: The inline PowerShell looks up "Microsoft Compatibility Appraiser" with Get-ScheduledTask
:: (-ErrorAction Ignore), prints "Skipping" and exits 0 when nothing matches, skips tasks already in
:: the Disabled state, and otherwise calls Disable-ScheduledTask; a failure ends in exit 1.
:: NOTE(review): nothing on this line tests the PowerShell exit code, so the batch script continues after a failure.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Application Experience\'; $taskNamePattern='Microsoft Compatibility Appraiser'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: Disable telemetry collector and sender process (`CompatTelRunner.exe`)
echo --- Disable telemetry collector and sender process (`CompatTelRunner.exe`)
:: Check and terminate the running process "CompatTelRunner.exe"
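:: Probe for a running CompatTelRunner.exe: the pipeline's ERRORLEVEL comes from find,
:: which is 0 only when the image name appears in the tasklist CSV output.
tasklist /fi "ImageName eq CompatTelRunner.exe" /fo csv 2>NUL | find /i "CompatTelRunner.exe">NUL
:: Branch on ERRORLEVEL with if/else instead of chaining both branches with conditional
:: operators, so that a failing taskkill is not followed by the "not running" message.
if errorlevel 1 (
    echo Skipping, CompatTelRunner.exe is not running.
) else (
    echo CompatTelRunner.exe is running and will be killed.
    taskkill /f /im CompatTelRunner.exe
)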
:: Configure termination of "CompatTelRunner.exe" immediately upon its startup
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CompatTelRunner.exe!Debugger"
:: Registers taskkill.exe as the Debugger value for the image name CompatTelRunner.exe under
:: Image File Execution Options in HKLM (machine-wide); /f overwrites an existing value without prompting.
:: NOTE(review): cmd expands %SYSTEMROOT% before PowerShell runs, so the REG_SZ data is presumably the expanded path; confirm.
:: NOTE(review): $registryPath is assigned but never read; reg add repeats the literal key.
:: NOTE(review): writes to an IFEO Debugger value are commonly watched by endpoint monitoring
:: (ATT&CK T1546.012); record this change as intentional so the alert can be triaged.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CompatTelRunner.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CompatTelRunner.exe' /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Add a rule to prevent the executable "CompatTelRunner.exe" from running via File Explorer
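:: Adds CompatTelRunner.exe to the DisallowRun list: exits 0 if any existing value already equals
:: the file name, otherwise picks the lowest numeric value name not yet in use (starting at 1),
:: creates the key when missing and writes the file name as a String value. Any error is caught,
:: reported with Write-Error and ends in Exit 1.
:: NOTE(review): the key is under HKCU, so the rule lands in the hive of the account that runs this
:: elevated process; presumably other user profiles are not covered. Confirm against the intended scope.
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='CompatTelRunner.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"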
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
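:: Turns the DisallowRun list on by setting the DWORD value DisallowRun = 1 under the Explorer
:: policies key: creates it when absent or empty, exits 0 when it is already 1, and overwrites any
:: other value after printing the value it found. Any error is caught and ends in Exit 1.
:: The "Updating" message is a double-quoted PowerShell string so that the current value is interpolated.
:: NOTE(review): the key is under HKCU, so the policy applies to the account that runs this elevated
:: process; confirm that this is the profile that should be covered.
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output "^""Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^""."^""; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"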
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\CompatTelRunner.exe" with additional permissions 
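:: Renames %SYSTEMROOT%\System32\CompatTelRunner.exe to the same name with a .OLD suffix. The whole
:: command is kept on one physical line, because cmd would run each extra line as a separate command.
:: Steps in the inline PowerShell:
::   1. Add-Type compiles a small Privileges class around AdjustTokenPrivileges; SeRestorePrivilege
::      and SeTakeOwnershipPrivilege are enabled on the current process token.
::   2. For each file found, the current ACL is captured, the owner is set to the account behind
::      SID S-1-5-32-544 and that account is given FullControl, so that the file can be moved.
::   3. The file is moved to its .OLD name and the captured ACL is applied to the renamed file; if
::      the move fails, the captured ACL is applied to the original path instead.
::   4. Both privileges are disabled again at the end.
:: A file that disappears between listing and processing is counted as skipped and the loop moves on.
:: NOTE(review): the AddPrivilege results are piped to Out-Null, so a privilege that could not be
:: enabled only shows up later as a failed Set-Acl or Move-Item.
:: NOTE(review): $revert is not assigned anywhere in this command, so the revert branches are not taken.
:: NOTE(review): the token handle opened by OpenProcessToken is not closed; no CloseHandle import is declared.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\CompatTelRunner.exe"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"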
:: ----------------------------------------------------------
 
 
:: Disable program data collection and reporting (`ProgramDataUpdater`)
echo --- Disable program data collection and reporting (`ProgramDataUpdater`)
:: Disable scheduled task(s): `\Microsoft\Windows\Application Experience\ProgramDataUpdater`
:: The inline PowerShell looks up ProgramDataUpdater with Get-ScheduledTask (-ErrorAction Ignore),
:: prints "Skipping" and exits 0 when nothing matches, skips tasks already in the Disabled state,
:: and otherwise calls Disable-ScheduledTask; a failure is reported with Write-Error and ends in exit 1.
:: NOTE(review): nothing on this line tests the PowerShell exit code, so the batch script continues after a failure.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Application Experience\'; $taskNamePattern='ProgramDataUpdater'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable application usage tracking (`AitAgent`)------
:: ----------------------------------------------------------
echo --- Disable application usage tracking (`AitAgent`)
:: Disable scheduled task(s): `\Microsoft\Windows\Application Experience\AitAgent`
:: The inline PowerShell looks up AitAgent with Get-ScheduledTask (-ErrorAction Ignore), prints
:: "Skipping" and exits 0 when nothing matches, skips tasks already in the Disabled state, and
:: otherwise calls Disable-ScheduledTask; a failure is reported with Write-Error and ends in exit 1.
:: NOTE(review): nothing on this line tests the PowerShell exit code, so the batch script continues after a failure.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Application Experience\'; $taskNamePattern='AitAgent'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: Disable startup application data tracking (`StartupAppTask`)
echo --- Disable startup application data tracking (`StartupAppTask`)
:: Disable scheduled task(s): `\Microsoft\Windows\Application Experience\StartupAppTask`
:: The inline PowerShell looks up StartupAppTask with Get-ScheduledTask (-ErrorAction Ignore), prints
:: "Skipping" and exits 0 when nothing matches, skips tasks already in the Disabled state, and
:: otherwise calls Disable-ScheduledTask; a failure is reported with Write-Error and ends in exit 1.
:: NOTE(review): nothing on this line tests the PowerShell exit code, so the batch script continues after a failure.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Application Experience\'; $taskNamePattern='StartupAppTask'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: Disable software compatibility updates (`PcaPatchDbTask`)-
:: ----------------------------------------------------------
echo --- Disable software compatibility updates (`PcaPatchDbTask`)
:: Disable scheduled task(s): `\Microsoft\Windows\Application Experience\PcaPatchDbTask`
:: The inline PowerShell looks up PcaPatchDbTask with Get-ScheduledTask (-ErrorAction Ignore), prints
:: "Skipping" and exits 0 when nothing matches, skips tasks already in the Disabled state, and
:: otherwise calls Disable-ScheduledTask; a failure is reported with Write-Error and ends in exit 1.
:: NOTE(review): nothing on this line tests the PowerShell exit code, so the batch script continues after a failure.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Application Experience\'; $taskNamePattern='PcaPatchDbTask'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: Disable compatibility adjustment data sharing (`SdbinstMergeDbTask`)
echo --- Disable compatibility adjustment data sharing (`SdbinstMergeDbTask`)
:: Disable scheduled task(s): `\Microsoft\Windows\Application Experience\SdbinstMergeDbTask`
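:: Disables SdbinstMergeDbTask. The whole command is kept on one physical line, because cmd would
:: run each extra line as a separate command.
:: Unlike the plain task-disabling commands in this script, this one first changes the ACL of the
:: task file under %SYSTEMROOT%\System32\Tasks: it captures the current ACL, sets the owner to the
:: account behind SID S-1-5-32-544 and gives it FullControl, then calls Disable-ScheduledTask, and
:: finally re-applies the captured ACL when the grant had succeeded.
:: A failed grant or a failed restore only produces a warning; a failed disable ends in exit 1.
:: NOTE(review): if the restore fails, the task file keeps the widened ACL; review the warning output after a run.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Application Experience\'; $taskNamePattern='SdbinstMergeDbTask'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; $taskFullPath = "^""$($task.TaskPath)$($task.TaskName)"^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $taskFilePath="^""$($env:SYSTEMROOT)\System32\Tasks$($task.TaskPath)$($task.TaskName)"^""; $accessGranted = $false; try { $originalAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl.SetOwner($adminAccount); $taskFileAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $modifiedAcl.SetAccessRule($taskFileAccessRule); Set-Acl -Path $taskFilePath -AclObject $modifiedAcl -ErrorAction Stop; Write-Host "^""Successfully granted permissions for `"^""$taskFullPath`"^"" ."^""; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$taskFullPath`"^"": $($_.Exception.Message)"^""; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; if ($accessGranted) { try { Set-Acl -Path $taskFilePath -AclObject $originalAcl -ErrorAction Stop; Write-Host "^""Successfully restored permissions for `"^""$taskFullPath`"^"" ."^""; } catch { Write-Warning "^""Failed to restore access on `"^""$taskFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"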
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -Disable application backup data gathering (`MareBackup`)-
:: ----------------------------------------------------------
echo --- Disable application backup data gathering (`MareBackup`)
:: Disable scheduled task(s): `\Microsoft\Windows\Application Experience\MareBackup`
:: The inline PowerShell looks up MareBackup with Get-ScheduledTask (-ErrorAction Ignore), prints
:: "Skipping" and exits 0 when nothing matches, skips tasks already in the Disabled state, and
:: otherwise calls Disable-ScheduledTask; a failure is reported with Write-Error and ends in exit 1.
:: NOTE(review): nothing on this line tests the PowerShell exit code, so the batch script continues after a failure.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Application Experience\'; $taskNamePattern='MareBackup'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -Disable "Program Compatibility Assistant (PCA)" feature--
:: ----------------------------------------------------------
echo --- Disable "Program Compatibility Assistant (PCA)" feature
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat!DisablePCA"
:: Writes the policy value DisablePCA = 1 (REG_DWORD) under HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat;
:: /f overwrites an existing value without prompting.
:: NOTE(review): $registryPath is assigned but never read; reg add repeats the literal key.
:: NOTE(review): nothing on this line tests the exit code of reg.exe, so a failed write goes unnoticed by the batch script.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat' /v 'DisablePCA' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable "Program Compatibility Assistant Service" (`PcaSvc`)
echo --- Disable "Program Compatibility Assistant Service" (`PcaSvc`)
:: Disable service(s): `PcaSvc`
:: Steps in the inline PowerShell for PcaSvc: exit 0 if the service is absent; stop it if it is
:: running (a stop failure only warns); read the start type, falling back to WMI when StartType is
:: empty; exit 0 if it is already Disabled; otherwise call Set-Service -StartupType Disabled.
:: NOTE(review): the final catch reports with Write-Error but sets no explicit exit code, and nothing
:: on this line tests the PowerShell exit code.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'PcaSvc'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------
 
 
:: Disable "Connected User Experiences and Telemetry" (`DiagTrack`) service
echo --- Disable "Connected User Experiences and Telemetry" (`DiagTrack`) service
:: Disable service(s): `DiagTrack`
:: Steps in the inline PowerShell for DiagTrack: exit 0 if the service is absent; stop it if it is
:: running (a stop failure only warns); read the start type, falling back to WMI when StartType is
:: empty; exit 0 if it is already Disabled; otherwise call Set-Service -StartupType Disabled.
:: NOTE(review): the final catch reports with Write-Error but sets no explicit exit code, and nothing
:: on this line tests the PowerShell exit code.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'DiagTrack'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable WAP push notification routing service-------
:: ----------------------------------------------------------
echo --- Disable WAP push notification routing service
:: Disable service(s): `dmwappushservice`
:: Steps in the inline PowerShell for dmwappushservice: exit 0 if the service is absent; stop it if
:: it is running (a stop failure only warns); read the start type, falling back to WMI when StartType
:: is empty; exit 0 if it is already Disabled; otherwise call Set-Service -StartupType Disabled.
:: NOTE(review): the final catch reports with Write-Error but sets no explicit exit code, and nothing
:: on this line tests the PowerShell exit code.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'dmwappushservice'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
2852
:: ----------------------------------------------------------
2853
 
2854
 
2855
:: ----------------------------------------------------------
2856
:: ---Disable "Diagnostics Hub Standard Collector" service---
2857
:: ----------------------------------------------------------
2858
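echo --- Disable "Diagnostics Hub Standard Collector" service
:: Disable service(s): `diagnosticshub.standardcollector.service`
:: Steps are labelled inline: skip if the service is missing, stop it if running (a failed stop
:: is only a warning), skip if already disabled, then set the startup type to Disabled.
:: A failed Set-Service is reported with Write-Error; nothing after this line checks the result.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'diagnosticshub.standardcollector.service'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"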
2861
:: ----------------------------------------------------------
2862
 
2863
 
2864
:: ----------------------------------------------------------
2865
:: ----Disable "Diagnostic Execution Service" (`diagsvc`)----
2866
:: ----------------------------------------------------------
2867
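echo --- Disable "Diagnostic Execution Service" (`diagsvc`)
:: Disable service(s): `diagsvc`
:: Steps are labelled inline: skip if the service is missing, stop it if running (a failed stop
:: is only a warning), skip if already disabled, then set the startup type to Disabled.
:: A failed Set-Service is reported with Write-Error; nothing after this line checks the result.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'diagsvc'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"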
2870
:: ----------------------------------------------------------
2871
 
2872
 
2873
:: ----------------------------------------------------------
2874
:: ------------------Disable "Device" task-------------------
2875
:: ----------------------------------------------------------
2876
echo --- Disable "Device" task
2877
:: Disable scheduled task(s): `\Microsoft\Windows\Device Information\Device`
2878
:: Looks the task up with Get-ScheduledTask under `\Microsoft\Windows\Device Information\`.
:: Exits 0 when nothing matches, skips tasks already in the Disabled state, and exits 1
:: if any Disable-ScheduledTask call fails (each failure is reported with Write-Error).
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Device Information\'; $taskNamePattern='Device'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
2879
:: ----------------------------------------------------------
2880
 
2881
 
2882
:: ----------------------------------------------------------
2883
:: ----------------Disable "Device User" task----------------
2884
:: ----------------------------------------------------------
2885
echo --- Disable "Device User" task
2886
:: Disable scheduled task(s): `\Microsoft\Windows\Device Information\Device User`
2887
:: Looks the task up with Get-ScheduledTask under `\Microsoft\Windows\Device Information\`.
:: Exits 0 when nothing matches, skips tasks already in the Disabled state, and exits 1
:: if any Disable-ScheduledTask call fails (each failure is reported with Write-Error).
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Device Information\'; $taskNamePattern='Device User'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
2888
:: ----------------------------------------------------------
2889
 
2890
 
2891
:: ----------------------------------------------------------
2892
:: --Disable device and configuration data collection tool---
2893
:: ----------------------------------------------------------
2894
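echo --- Disable device and configuration data collection tool
:: Check and terminate the running process "DeviceCensus.exe"
:: `if errorlevel` replaces the `&& ( ) || ( )` chain: with the chain, a failing taskkill
:: would also run the "not running" branch and print a misleading message.
tasklist /fi "ImageName eq DeviceCensus.exe" /fo csv 2>NUL | find /i "DeviceCensus.exe">NUL
if not errorlevel 1 (
    echo DeviceCensus.exe is running and will be killed.
    taskkill /f /im DeviceCensus.exe
) else (
    echo Skipping, DeviceCensus.exe is not running.
)
:: Configure termination of "DeviceCensus.exe" immediately upon its startup
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DeviceCensus.exe!Debugger"
:: cmd.exe expands %SYSTEMROOT% before the write, so the REG_SZ stores the resolved path.
:: Writes to an Image File Execution Options `Debugger` value are commonly watched by endpoint
:: monitoring; record this one as an intentional change so it is not triaged as tampering.
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DeviceCensus.exe" /v "Debugger" /t REG_SZ /d "%SYSTEMROOT%\System32\taskkill.exe" /f
:: Add a rule to prevent the executable "DeviceCensus.exe" from running via File Explorer
:: The rule is stored under HKCU, i.e. the hive of the account this script runs as.
:: NOTE(review): if elevation switched to a different administrator account, the rule lands in
:: that account's hive rather than the signed-in user's; confirm for the intended user.
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='DeviceCensus.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
:: The "Updating ... from unexpected value" message now uses a double-quoted string; the
:: single-quoted form printed the variable name and backticks literally instead of the value.
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output "^""Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^""."^""; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"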
2909
:: ----------------------------------------------------------
2910
 
2911
 
2912
:: ----------------------------------------------------------
2913
:: --------Disable commercial usage of collected data--------
2914
:: ----------------------------------------------------------
2915
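echo --- Disable commercial usage of collected data
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection!AllowCommercialDataPipeline"
:: DWORD 0 written with reg.exe directly (no PowerShell hop, unused $registryPath dropped);
:: /f overwrites an existing value without prompting.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowCommercialDataPipeline" /t REG_DWORD /d 0 /f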
2918
:: ----------------------------------------------------------
2919
 
2920
 
2921
:: ----------------------------------------------------------
2922
:: ---------Disable processing of Desktop Analytics----------
2923
:: ----------------------------------------------------------
2924
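echo --- Disable processing of Desktop Analytics
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection!AllowDesktopAnalyticsProcessing"
:: DWORD 0 written with reg.exe directly (no PowerShell hop, unused $registryPath dropped);
:: /f overwrites an existing value without prompting.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowDesktopAnalyticsProcessing" /t REG_DWORD /d 0 /f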
2927
:: ----------------------------------------------------------
2928
 
2929
 
2930
:: ----------------------------------------------------------
2931
:: --Disable sending device name in Windows diagnostic data--
2932
:: ----------------------------------------------------------
2933
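echo --- Disable sending device name in Windows diagnostic data
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection!AllowDeviceNameInTelemetry"
:: DWORD 0 written with reg.exe directly (no PowerShell hop, unused $registryPath dropped);
:: /f overwrites an existing value without prompting.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowDeviceNameInTelemetry" /t REG_DWORD /d 0 /f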
2936
:: ----------------------------------------------------------
2937
 
2938
 
2939
:: Disable collection of Edge browsing data for Desktop Analytics
2940
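echo --- Disable collection of Edge browsing data for Desktop Analytics
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection!MicrosoftEdgeDataOptIn"
:: DWORD 0 written with reg.exe directly (no PowerShell hop, unused $registryPath dropped);
:: /f overwrites an existing value without prompting.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "MicrosoftEdgeDataOptIn" /t REG_DWORD /d 0 /f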
2943
:: ----------------------------------------------------------
2944
 
2945
 
2946
:: ----------------------------------------------------------
2947
:: --Disable diagnostics data processing for Business cloud--
2948
:: ----------------------------------------------------------
2949
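echo --- Disable diagnostics data processing for Business cloud
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection!AllowWUfBCloudProcessing"
:: DWORD 0 written with reg.exe directly (no PowerShell hop, unused $registryPath dropped);
:: /f overwrites an existing value without prompting.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowWUfBCloudProcessing" /t REG_DWORD /d 0 /f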
2952
:: ----------------------------------------------------------
2953
 
2954
 
2955
:: ----------------------------------------------------------
2956
:: -Disable Update Compliance processing of diagnostics data-
2957
:: ----------------------------------------------------------
2958
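echo --- Disable Update Compliance processing of diagnostics data
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection!AllowUpdateComplianceProcessing"
:: DWORD 0 written with reg.exe directly (no PowerShell hop, unused $registryPath dropped);
:: /f overwrites an existing value without prompting.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowUpdateComplianceProcessing" /t REG_DWORD /d 0 /f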
2961
:: ----------------------------------------------------------
2962
 
2963
 
2964
:: ----------------------------------------------------------
2965
:: --------------Disable Cortana during search---------------
2966
:: ----------------------------------------------------------
2967
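echo --- Disable Cortana during search
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowCortana"
:: DWORD 0 written with reg.exe directly (no PowerShell hop, unused $registryPath dropped);
:: /f overwrites an existing value without prompting.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d 0 /f
:: Suggest restarting explorer.exe for changes to take effect
:: The never-taken `$warn` branch is removed; the printed text is unchanged.
PowerShell -ExecutionPolicy Unrestricted -Command "Write-Host 'Note: ' -ForegroundColor Blue -NoNewLine; Write-Output 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'"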
2972
:: ----------------------------------------------------------
2973
 
2974
 
2975
:: ----------------------------------------------------------
2976
:: ----------------Disable Cortana experience----------------
2977
:: ----------------------------------------------------------
2978
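echo --- Disable Cortana experience
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Experience\AllowCortana!value"
:: DWORD 0 written with reg.exe directly (no PowerShell hop, unused $registryPath dropped);
:: /f overwrites an existing value without prompting.
reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Experience\AllowCortana" /v "value" /t REG_DWORD /d 0 /f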
2981
:: ----------------------------------------------------------
2982
 
2983
 
2984
:: Disable Cortana's access to cloud services such as OneDrive and SharePoint
2985
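echo --- Disable Cortana's access to cloud services such as OneDrive and SharePoint
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowCloudSearch"
:: DWORD 0 written with reg.exe directly (no PowerShell hop, unused $registryPath dropped);
:: /f overwrites an existing value without prompting.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCloudSearch" /t REG_DWORD /d 0 /f
:: Suggest restarting explorer.exe for changes to take effect
:: The never-taken `$warn` branch is removed; the printed text is unchanged.
PowerShell -ExecutionPolicy Unrestricted -Command "Write-Host 'Note: ' -ForegroundColor Blue -NoNewLine; Write-Output 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'"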
2990
:: ----------------------------------------------------------
2991
 
2992
 
2993
:: Disable Cortana speech interaction while the system is locked
2994
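echo --- Disable Cortana speech interaction while the system is locked
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowCortanaAboveLock"
:: DWORD 0 written with reg.exe directly (no PowerShell hop, unused $registryPath dropped);
:: /f overwrites an existing value without prompting.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortanaAboveLock" /t REG_DWORD /d 0 /f
:: Suggest restarting explorer.exe for changes to take effect
:: The never-taken `$warn` branch is removed; the printed text is unchanged.
PowerShell -ExecutionPolicy Unrestricted -Command "Write-Host 'Note: ' -ForegroundColor Blue -NoNewLine; Write-Output 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'"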
2999
:: ----------------------------------------------------------
3000
 
3001
 
3002
:: ----------------------------------------------------------
3003
:: -----Disable participation in Cortana data collection-----
3004
:: ----------------------------------------------------------
3005
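echo --- Disable participation in Cortana data collection
:: Set the registry value: "HKCU\Software\Microsoft\Windows\CurrentVersion\Search!CortanaConsent"
:: DWORD 0 written with reg.exe directly (no PowerShell hop, unused $registryPath dropped).
:: NOTE(review): HKCU is the hive of the account this script runs as; if elevation switched
:: accounts, the value lands in that account's hive. Confirm for the intended user.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "CortanaConsent" /t REG_DWORD /d 0 /f
:: Suggest restarting explorer.exe for changes to take effect
:: The never-taken `$warn` branch is removed; the printed text is unchanged.
PowerShell -ExecutionPolicy Unrestricted -Command "Write-Host 'Note: ' -ForegroundColor Blue -NoNewLine; Write-Output 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'"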
3010
:: ----------------------------------------------------------
3011
 
3012
 
3013
:: ----------------------------------------------------------
3014
:: ---------------Disable enabling of Cortana----------------
3015
:: ----------------------------------------------------------
3016
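echo --- Disable enabling of Cortana
:: Set the registry value: "HKCU\Software\Microsoft\Windows\CurrentVersion\Search!CanCortanaBeEnabled"
:: DWORD 0 written with reg.exe directly (no PowerShell hop, unused $registryPath dropped).
:: NOTE(review): HKCU is the hive of the account this script runs as; if elevation switched
:: accounts, the value lands in that account's hive. Confirm for the intended user.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "CanCortanaBeEnabled" /t REG_DWORD /d 0 /f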
3019
:: ----------------------------------------------------------
3020
 
3021
 
3022
:: ----------------------------------------------------------
3023
:: --------------Disable Cortana in start menu---------------
3024
:: ----------------------------------------------------------
3025
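echo --- Disable Cortana in start menu
:: Both writes use reg.exe directly (no PowerShell hop, unused $registryPath dropped);
:: /f overwrites an existing value without prompting.
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Search!CortanaEnabled"
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "CortanaEnabled" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search!CortanaEnabled"
:: NOTE(review): HKCU is the hive of the account this script runs as; confirm it is the intended user.
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "CortanaEnabled" /t REG_DWORD /d 0 /f
:: Suggest restarting explorer.exe for changes to take effect
:: The never-taken `$warn` branch is removed; the printed text is unchanged.
PowerShell -ExecutionPolicy Unrestricted -Command "Write-Host 'Note: ' -ForegroundColor Blue -NoNewLine; Write-Output 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'"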
3032
:: ----------------------------------------------------------
3033
 
3034
 
3035
:: ----------------------------------------------------------
3036
:: ------------Remove "Cortana" icon from taskbar------------
3037
:: ----------------------------------------------------------
3038
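echo --- Remove "Cortana" icon from taskbar
:: Set the registry value: "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced!ShowCortanaButton"
:: DWORD 0 written with reg.exe directly (no PowerShell hop, unused $registryPath dropped).
:: NOTE(review): HKCU is the hive of the account this script runs as; if elevation switched
:: accounts, the value lands in that account's hive. Confirm for the intended user.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowCortanaButton" /t REG_DWORD /d 0 /f
:: Suggest restarting explorer.exe for changes to take effect
:: The never-taken `$warn` branch is removed; the printed text is unchanged.
PowerShell -ExecutionPolicy Unrestricted -Command "Write-Host 'Note: ' -ForegroundColor Blue -NoNewLine; Write-Output 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'"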
3043
:: ----------------------------------------------------------
3044
 
3045
 
3046
:: ----------------------------------------------------------
3047
:: -------------Disable Cortana in ambient mode--------------
3048
:: ----------------------------------------------------------
3049
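echo --- Disable Cortana in ambient mode
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Search!CortanaInAmbientMode"
:: DWORD 0 written with reg.exe directly (no PowerShell hop, unused $registryPath dropped);
:: /f overwrites an existing value without prompting.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "CortanaInAmbientMode" /t REG_DWORD /d 0 /f
:: Suggest restarting explorer.exe for changes to take effect
:: The never-taken `$warn` branch is removed; the printed text is unchanged.
PowerShell -ExecutionPolicy Unrestricted -Command "Write-Host 'Note: ' -ForegroundColor Blue -NoNewLine; Write-Output 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'"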
3054
:: ----------------------------------------------------------
3055
 
3056
 
3057
:: ----------------------------------------------------------
3058
:: -----------Disable indexing of encrypted items------------
3059
:: ----------------------------------------------------------
3060
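echo --- Disable indexing of encrypted items
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowIndexingEncryptedStoresOrItems"
:: DWORD 0 written with reg.exe directly (no PowerShell hop, unused $registryPath dropped);
:: /f overwrites an existing value without prompting.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowIndexingEncryptedStoresOrItems" /t REG_DWORD /d 0 /f
:: Suggest restarting explorer.exe for changes to take effect
:: The never-taken `$warn` branch is removed; the printed text is unchanged.
PowerShell -ExecutionPolicy Unrestricted -Command "Write-Host 'Note: ' -ForegroundColor Blue -NoNewLine; Write-Output 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'"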
3065
:: ----------------------------------------------------------
3066
 
3067
 
3068
:: ----------------------------------------------------------
3069
:: ----Disable automatic language detection when indexing----
3070
:: ----------------------------------------------------------
3071
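echo --- Disable automatic language detection when indexing
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AlwaysUseAutoLangDetection"
:: DWORD 0 written with reg.exe directly (no PowerShell hop, unused $registryPath dropped);
:: /f overwrites an existing value without prompting.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AlwaysUseAutoLangDetection" /t REG_DWORD /d 0 /f
:: Suggest restarting explorer.exe for changes to take effect
:: The never-taken `$warn` branch is removed; the printed text is unchanged.
PowerShell -ExecutionPolicy Unrestricted -Command "Write-Host 'Note: ' -ForegroundColor Blue -NoNewLine; Write-Output 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'"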
3076
:: ----------------------------------------------------------
3077
 
3078
 
3079
:: ----------------------------------------------------------
3080
:: ----------Disable remote access to search index-----------
3081
:: ----------------------------------------------------------
3082
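echo --- Disable remote access to search index
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventRemoteQueries"
:: DWORD 1 (this setting is a "prevent" flag, so it is set rather than cleared), written with
:: reg.exe directly (no PowerShell hop, unused $registryPath dropped); /f overwrites without prompting.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "PreventRemoteQueries" /t REG_DWORD /d 1 /f
:: Suggest restarting explorer.exe for changes to take effect
:: The never-taken `$warn` branch is removed; the printed text is unchanged.
PowerShell -ExecutionPolicy Unrestricted -Command "Write-Host 'Note: ' -ForegroundColor Blue -NoNewLine; Write-Output 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'"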
3087
:: ----------------------------------------------------------
3088
 
3089
 
3090
:: ----------------------------------------------------------
3091
:: ----------Disable iFilters and protocol handlers----------
3092
:: ----------------------------------------------------------
3093
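echo --- Disable iFilters and protocol handlers
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventUnwantedAddIns"
:: REG_SZ whose data is a single space, exactly as the original wrote it; written with reg.exe
:: directly (no PowerShell hop, unused $registryPath dropped).
:: NOTE(review): confirm that a single-space string is the value this policy expects.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "PreventUnwantedAddIns" /t REG_SZ /d " " /f
:: Suggest restarting explorer.exe for changes to take effect
:: The never-taken `$warn` branch is removed; the printed text is unchanged.
PowerShell -ExecutionPolicy Unrestricted -Command "Write-Host 'Note: ' -ForegroundColor Blue -NoNewLine; Write-Output 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'"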
3098
:: ----------------------------------------------------------
3099
 
3100
 
3101
:: Disable Bing search and recent search suggestions (breaks search history)
3102
echo --- Disable Bing search and recent search suggestions (breaks search history)
3103
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer!DisableSearchBoxSuggestions"
3104
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer' /v 'DisableSearchBoxSuggestions' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search!DisableSearchBoxSuggestions"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search'; $data =  '1'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search' /v 'DisableSearchBoxSuggestions' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------------Disable Bing search in start menu-------------
:: ----------------------------------------------------------
echo --- Disable Bing search in start menu
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search!BingSearchEnabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search'; $data =  '0'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search' /v 'BingSearchEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Disable web search in search bar-------------
:: ----------------------------------------------------------
echo --- Disable web search in search bar
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!DisableWebSearch"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search' /v 'DisableWebSearch' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable web results in Windows Search-----------
:: ----------------------------------------------------------
echo --- Disable web results in Windows Search
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchUseWeb"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search' /v 'ConnectedSearchUseWeb' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchUseWebOverMeteredConnections"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search' /v 'ConnectedSearchUseWebOverMeteredConnections' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
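:: ----------------------------------------------------------
:: ------------Disable Windows search highlights-------------
:: ----------------------------------------------------------
:: Turns search highlights off in two places: the machine-wide policy value under HKLM
:: and the per-user setting under HKCU.
:: NOTE(review): this script self-elevates, so HKCU resolves to the hive of the account
:: that approved the elevation. If a different administrator account was used, the
:: per-user value below does not reach the signed-in user's profile - confirm per machine.
echo --- Disable Windows search highlights
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!EnableDynamicContentInWSB"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search' /v 'EnableDynamicContentInWSB' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\Software\Microsoft\Windows\CurrentVersion\SearchSettings!IsDynamicSearchBoxEnabled"
:: The data is 0 here: this value mirrors the per-user "search highlights" switch, where
:: 1 means enabled. Writing 1 would contradict the section title and the policy above.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\SearchSettings'; $data =  '0'; reg add 'HKCU\Software\Microsoft\Windows\CurrentVersion\SearchSettings' /v 'IsDynamicSearchBoxEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------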
 
 
:: ----------------------------------------------------------
:: ------------Disable Cortana's history display-------------
:: ----------------------------------------------------------
echo --- Disable Cortana's history display
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search!HistoryViewEnabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search'; $data =  '0'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search' /v 'HistoryViewEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable Cortana's device history usage----------
:: ----------------------------------------------------------
echo --- Disable Cortana's device history usage
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search!DeviceHistoryEnabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search'; $data =  '0'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search' /v 'DeviceHistoryEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable "Hey Cortana" voice activation----------
:: ----------------------------------------------------------
echo --- Disable "Hey Cortana" voice activation
:: Set the registry value: "HKCU\Software\Microsoft\Speech_OneCore\Preferences!VoiceActivationOn"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Microsoft\Speech_OneCore\Preferences'; $data =  '0'; reg add 'HKCU\Software\Microsoft\Speech_OneCore\Preferences' /v 'VoiceActivationOn' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\Software\Microsoft\Speech_OneCore\Preferences!VoiceActivationDefaultOn"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Microsoft\Speech_OneCore\Preferences'; $data =  '0'; reg add 'HKLM\Software\Microsoft\Speech_OneCore\Preferences' /v 'VoiceActivationDefaultOn' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable Cortana keyboard shortcut (**Windows logo key** + **C**)
echo --- Disable Cortana keyboard shortcut (**Windows logo key** + **C**)
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search!VoiceShortcut"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search'; $data =  '0'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search' /v 'VoiceShortcut' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Disable Cortana on locked device-------------
:: ----------------------------------------------------------
echo --- Disable Cortana on locked device
:: Set the registry value: "HKCU\Software\Microsoft\Speech_OneCore\Preferences!VoiceActivationEnableAboveLockscreen"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Microsoft\Speech_OneCore\Preferences'; $data =  '0'; reg add 'HKCU\Software\Microsoft\Speech_OneCore\Preferences' /v 'VoiceActivationEnableAboveLockscreen' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------Disable automatic update of speech data----------
:: ----------------------------------------------------------
echo --- Disable automatic update of speech data
:: Set the registry value: "HKCU\Software\Microsoft\Speech_OneCore\Preferences!ModelDownloadAllowed"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Microsoft\Speech_OneCore\Preferences'; $data =  '0'; reg add 'HKCU\Software\Microsoft\Speech_OneCore\Preferences' /v 'ModelDownloadAllowed' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----Disable Cortana voice support during Windows setup----
:: ----------------------------------------------------------
echo --- Disable Cortana voice support during Windows setup
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE!DisableVoice"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE' /v 'DisableVoice' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------------Disable Windows Tips-------------------
:: ----------------------------------------------------------
echo --- Disable Windows Tips
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent!DisableSoftLanding"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent' /v 'DisableSoftLanding' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable Windows Spotlight (shows random wallpapers on lock screen)
echo --- Disable Windows Spotlight (shows random wallpapers on lock screen)
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows\CloudContent!DisableWindowsSpotlightFeatures"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows\CloudContent'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows\CloudContent' /v 'DisableWindowsSpotlightFeatures' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable Microsoft Consumer Experiences----------
:: ----------------------------------------------------------
echo --- Disable Microsoft Consumer Experiences
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows\CloudContent!DisableWindowsConsumerFeatures"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows\CloudContent'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows\CloudContent' /v 'DisableWindowsConsumerFeatures' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable participation in Visual Studio Customer Experience Improvement Program (VSCEIP)
echo --- Disable participation in Visual Studio Customer Experience Improvement Program (VSCEIP)
:: Set the registry value: "HKLM\Software\Policies\Microsoft\VisualStudio\SQM!OptIn"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\VisualStudio\SQM'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\VisualStudio\SQM' /v 'OptIn' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\VSCommon\14.0\SQM!OptIn"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\VSCommon\14.0\SQM'; $data =  '0'; reg add 'HKLM\SOFTWARE\Microsoft\VSCommon\14.0\SQM' /v 'OptIn' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\14.0\SQM!OptIn"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\14.0\SQM'; $data =  '0'; reg add 'HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\14.0\SQM' /v 'OptIn' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\VSCommon\15.0\SQM!OptIn"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\VSCommon\15.0\SQM'; $data =  '0'; reg add 'HKLM\SOFTWARE\Microsoft\VSCommon\15.0\SQM' /v 'OptIn' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\15.0\SQM!OptIn"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\15.0\SQM'; $data =  '0'; reg add 'HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\15.0\SQM' /v 'OptIn' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\VSCommon\16.0\SQM!OptIn"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\VSCommon\16.0\SQM'; $data =  '0'; reg add 'HKLM\SOFTWARE\Microsoft\VSCommon\16.0\SQM' /v 'OptIn' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\16.0\SQM!OptIn"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\16.0\SQM'; $data =  '0'; reg add 'HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\16.0\SQM' /v 'OptIn' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\17.0\SQM!OptIn"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\17.0\SQM'; $data =  '0'; reg add 'HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\17.0\SQM' /v 'OptIn' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Disable Visual Studio telemetry--------------
:: ----------------------------------------------------------
echo --- Disable Visual Studio telemetry
:: Set the registry value: "HKCU\Software\Microsoft\VisualStudio\Telemetry!TurnOffSwitch"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Microsoft\VisualStudio\Telemetry'; $data =  '1'; reg add 'HKCU\Software\Microsoft\VisualStudio\Telemetry' /v 'TurnOffSwitch' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Disable Visual Studio feedback--------------
:: ----------------------------------------------------------
echo --- Disable Visual Studio feedback
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback!DisableFeedbackDialog"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback' /v 'DisableFeedbackDialog' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback!DisableEmailInput"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback' /v 'DisableEmailInput' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback!DisableScreenshotCapture"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback' /v 'DisableScreenshotCapture' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
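:: ----------------------------------------------------------
:: ----Disable "Visual Studio Standard Collector Service"----
:: ----------------------------------------------------------
:: Stops the service if it is running, then sets its startup type to Disabled.
:: The command exits early with code 0 when the service is absent or already disabled.
:: A failed stop is only a warning (the message says it will be stopped after reboot);
:: a failed disable is reported through Write-Error.
echo --- Disable "Visual Studio Standard Collector Service"
:: Disable service(s): `VSStandardCollectorService150`
:: The "not found" message below previously read "could not be not found"; the double
:: negative is removed so the log line states what actually happened.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'VSStandardCollectorService150'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------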
 
 
:: ----------------------------------------------------------
:: ----------Disable Diagnostics Hub log collection----------
:: ----------------------------------------------------------
echo --- Disable Diagnostics Hub log collection
:: Delete the registry value "LogLevel" from the key "HKLM\Software\Microsoft\VisualStudio\DiagnosticsHub" 
PowerShell -ExecutionPolicy Unrestricted -Command "$keyName = 'HKLM\Software\Microsoft\VisualStudio\DiagnosticsHub'; $valueName = 'LogLevel'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---Disable participation in IntelliCode data collection---
:: ----------------------------------------------------------
echo --- Disable participation in IntelliCode data collection
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\IntelliCode!DisableRemoteAnalysis"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\IntelliCode'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\IntelliCode' /v 'DisableRemoteAnalysis' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\VSCommon\16.0\IntelliCode!DisableRemoteAnalysis"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\VSCommon\16.0\IntelliCode'; $data =  '1'; reg add 'HKCU\SOFTWARE\Microsoft\VSCommon\16.0\IntelliCode' /v 'DisableRemoteAnalysis' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\VSCommon\17.0\IntelliCode!DisableRemoteAnalysis"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\VSCommon\17.0\IntelliCode'; $data =  '1'; reg add 'HKCU\SOFTWARE\Microsoft\VSCommon\17.0\IntelliCode' /v 'DisableRemoteAnalysis' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Remove Nvidia telemetry packages-------------
:: ----------------------------------------------------------
echo --- Remove Nvidia telemetry packages
if exist "%ProgramFiles%\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL" (
    rundll32 "%PROGRAMFILES%\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage NvTelemetryContainer
    rundll32 "%PROGRAMFILES%\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage NvTelemetry
)
:: ----------------------------------------------------------
 
 
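:: ----------------------------------------------------------
:: ------------Remove Nvidia telemetry components------------
:: ----------------------------------------------------------
:: "Soft delete" here means renaming each matching file to "<name>.OLD"; nothing is erased.
:: `$revert` is never assigned inside these commands, so the `$revert -eq $true` checks are
:: false and every file takes the rename-to-.OLD branch.
:: Each PowerShell command must stay on one physical line: a line break inside the quoted
:: -Command argument ends the batch statement early.
:: Changes against the generated command:
::  - A file that disappears between enumeration and processing is now skipped with
::    `continue`. The previous `exit 0` ended the whole command on the first such file,
::    leaving the remaining telemetry files untouched and printing no summary.
::  - Both Test-Path checks use -LiteralPath, matching the Move-Item call, so a name that
::    contains wildcard characters such as [ or ] is tested as the exact path.
echo --- Remove Nvidia telemetry components
:: Soft delete files matching pattern: "%PROGRAMFILES(X86)%\NVIDIA Corporation\NvTelemetry\*"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%PROGRAMFILES(X86)%\NVIDIA Corporation\NvTelemetry\*"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path -LiteralPath $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }"
:: Soft delete files matching pattern: "%PROGRAMFILES%\NVIDIA Corporation\NvTelemetry\*"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%PROGRAMFILES%\NVIDIA Corporation\NvTelemetry\*"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path -LiteralPath $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }"
:: ----------------------------------------------------------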
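

:: ----------------------------------------------------------
:: -------------Disable Nvidia telemetry drivers-------------
:: ----------------------------------------------------------
echo --- Disable Nvidia telemetry drivers
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\DriverStore\FileRepository\NvTelemetry*.dll"
:: Each match is renamed with an added .OLD suffix; nothing is removed from disk.
:: $revert is never assigned inside this command, so only the rename-to-.OLD branch runs here.
:: A rename that fails is reported with Write-Error and counted; it does not stop the loop.
:: A file that vanished since enumeration is skipped with continue, so the remaining files are still processed.
:: Per-item checks use -LiteralPath so an enumerated path containing wildcard characters is matched as written.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\DriverStore\FileRepository\NvTelemetry*.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path -LiteralPath $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }"
:: ----------------------------------------------------------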
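

:: ----------------------------------------------------------
:: --------Disable participation in Nvidia telemetry---------
:: ----------------------------------------------------------
echo --- Disable participation in Nvidia telemetry
:: Every value below is written as REG_DWORD 0; /f overwrites an existing value without prompting.
:: reg.exe is called directly: a plain registry write needs no PowerShell process or execution-policy override.
:: These are machine-wide HKLM keys, so they apply to every account on the system.
:: Set the registry value: "HKLM\SOFTWARE\NVIDIA Corporation\NvControlPanel2\Client!OptInOrOutPreference"
reg add "HKLM\SOFTWARE\NVIDIA Corporation\NvControlPanel2\Client" /v "OptInOrOutPreference" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKLM\SOFTWARE\NVIDIA Corporation\Global\FTS!EnableRID44231"
reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global\FTS" /v "EnableRID44231" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKLM\SOFTWARE\NVIDIA Corporation\Global\FTS!EnableRID64640"
reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global\FTS" /v "EnableRID64640" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKLM\SOFTWARE\NVIDIA Corporation\Global\FTS!EnableRID66610"
reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global\FTS" /v "EnableRID66610" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm\Global\Startup!SendTelemetryData"
reg add "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm\Global\Startup" /v "SendTelemetryData" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------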
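

:: ----------------------------------------------------------
:: -------Disable "Nvidia Telemetry Container" service-------
:: ----------------------------------------------------------
echo --- Disable "Nvidia Telemetry Container" service
:: Disable service(s): `NvTelemetryContainer`
:: Steps: exit early if the service does not exist, stop it if running, exit early if already disabled,
:: then set its startup type to Disabled. A failed stop only warns; the disable step still runs.
:: The start type is read from the service object first and from WMI when that property is empty.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'NvTelemetryContainer'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------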
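

:: ----------------------------------------------------------
:: -----------Disable Visual Studio Code telemetry-----------
:: ----------------------------------------------------------
echo --- Disable Visual Studio Code telemetry
:: Sets telemetry.enableTelemetry to false in Code\User\settings.json under APPDATA of the account this script runs as.
:: NOTE(review): after elevation with another account's credentials that is not the invoking user's file - confirm.
:: NOTE(review): newer VS Code releases read telemetry.telemetryLevel; confirm the installed version still honours this key.
:: -Depth 100 keeps nested settings intact; ConvertTo-Json's default depth of 2 would flatten deeper objects into strings.
:: NOTE(review): the file is rewritten from parsed JSON, so comments in it are presumably not preserved - confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$settingKey='telemetry.enableTelemetry'; $settingValue=$false; $jsonFilePath = "^""$($env:APPDATA)\Code\User\settings.json"^""; if (!(Test-Path $jsonFilePath -PathType Leaf)) { Write-Host "^""Skipping, no updates. Settings file was not at `"^""$jsonFilePath`"^""."^""; exit 0; }; try { $fileContent = Get-Content $jsonFilePath -ErrorAction Stop; } catch { throw "^""Error, failed to read the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; if ([string]::IsNullOrWhiteSpace($fileContent)) { Write-Host "^""Settings file is empty. Treating it as default empty JSON object."^""; $fileContent = "^""{}"^""; }; try { $json = $fileContent | ConvertFrom-Json; } catch { throw "^""Error, invalid JSON format in the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; $existingValue = $json.$settingKey; if ($existingValue -eq $settingValue) { Write-Host "^""Skipping, `"^""$settingKey`"^"" is already configured as `"^""$settingValue`"^""."^""; exit 0; }; $json | Add-Member -Type NoteProperty -Name $settingKey -Value $settingValue -Force; $json | ConvertTo-Json -Depth 100 | Set-Content $jsonFilePath; Write-Host "^""Successfully applied the setting to the file: `"^""$jsonFilePath`"^""."^"""
:: ----------------------------------------------------------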
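

:: ----------------------------------------------------------
:: --------Disable Visual Studio Code crash reporting--------
:: ----------------------------------------------------------
echo --- Disable Visual Studio Code crash reporting
:: Sets telemetry.enableCrashReporter to false in Code\User\settings.json under APPDATA of the account this script runs as.
:: NOTE(review): after elevation with another account's credentials that is not the invoking user's file - confirm.
:: NOTE(review): newer VS Code releases read telemetry.telemetryLevel; confirm the installed version still honours this key.
:: -Depth 100 keeps nested settings intact; ConvertTo-Json's default depth of 2 would flatten deeper objects into strings.
PowerShell -ExecutionPolicy Unrestricted -Command "$settingKey='telemetry.enableCrashReporter'; $settingValue=$false; $jsonFilePath = "^""$($env:APPDATA)\Code\User\settings.json"^""; if (!(Test-Path $jsonFilePath -PathType Leaf)) { Write-Host "^""Skipping, no updates. Settings file was not at `"^""$jsonFilePath`"^""."^""; exit 0; }; try { $fileContent = Get-Content $jsonFilePath -ErrorAction Stop; } catch { throw "^""Error, failed to read the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; if ([string]::IsNullOrWhiteSpace($fileContent)) { Write-Host "^""Settings file is empty. Treating it as default empty JSON object."^""; $fileContent = "^""{}"^""; }; try { $json = $fileContent | ConvertFrom-Json; } catch { throw "^""Error, invalid JSON format in the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; $existingValue = $json.$settingKey; if ($existingValue -eq $settingValue) { Write-Host "^""Skipping, `"^""$settingKey`"^"" is already configured as `"^""$settingValue`"^""."^""; exit 0; }; $json | Add-Member -Type NoteProperty -Name $settingKey -Value $settingValue -Force; $json | ConvertTo-Json -Depth 100 | Set-Content $jsonFilePath; Write-Host "^""Successfully applied the setting to the file: `"^""$jsonFilePath`"^""."^"""
:: ----------------------------------------------------------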
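

:: Disable online experiments by Microsoft in Visual Studio Code
echo --- Disable online experiments by Microsoft in Visual Studio Code
:: Sets workbench.enableExperiments to false in Code\User\settings.json under APPDATA of the account this script runs as.
:: NOTE(review): after elevation with another account's credentials that is not the invoking user's file - confirm.
:: -Depth 100 keeps nested settings intact; ConvertTo-Json's default depth of 2 would flatten deeper objects into strings.
PowerShell -ExecutionPolicy Unrestricted -Command "$settingKey='workbench.enableExperiments'; $settingValue=$false; $jsonFilePath = "^""$($env:APPDATA)\Code\User\settings.json"^""; if (!(Test-Path $jsonFilePath -PathType Leaf)) { Write-Host "^""Skipping, no updates. Settings file was not at `"^""$jsonFilePath`"^""."^""; exit 0; }; try { $fileContent = Get-Content $jsonFilePath -ErrorAction Stop; } catch { throw "^""Error, failed to read the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; if ([string]::IsNullOrWhiteSpace($fileContent)) { Write-Host "^""Settings file is empty. Treating it as default empty JSON object."^""; $fileContent = "^""{}"^""; }; try { $json = $fileContent | ConvertFrom-Json; } catch { throw "^""Error, invalid JSON format in the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; $existingValue = $json.$settingKey; if ($existingValue -eq $settingValue) { Write-Host "^""Skipping, `"^""$settingKey`"^"" is already configured as `"^""$settingValue`"^""."^""; exit 0; }; $json | Add-Member -Type NoteProperty -Name $settingKey -Value $settingValue -Force; $json | ConvertTo-Json -Depth 100 | Set-Content $jsonFilePath; Write-Host "^""Successfully applied the setting to the file: `"^""$jsonFilePath`"^""."^"""
:: ----------------------------------------------------------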
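

:: Disable Visual Studio Code automatic updates in favor of manual updates
echo --- Disable Visual Studio Code automatic updates in favor of manual updates
:: Sets update.mode to manual in Code\User\settings.json under APPDATA of the account this script runs as.
:: With manual mode the editor is only patched when someone updates it, so security fixes depend on that routine.
:: NOTE(review): after elevation with another account's credentials that is not the invoking user's file - confirm.
:: -Depth 100 keeps nested settings intact; ConvertTo-Json's default depth of 2 would flatten deeper objects into strings.
PowerShell -ExecutionPolicy Unrestricted -Command "$settingKey='update.mode'; $settingValue='manual'; $jsonFilePath = "^""$($env:APPDATA)\Code\User\settings.json"^""; if (!(Test-Path $jsonFilePath -PathType Leaf)) { Write-Host "^""Skipping, no updates. Settings file was not at `"^""$jsonFilePath`"^""."^""; exit 0; }; try { $fileContent = Get-Content $jsonFilePath -ErrorAction Stop; } catch { throw "^""Error, failed to read the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; if ([string]::IsNullOrWhiteSpace($fileContent)) { Write-Host "^""Settings file is empty. Treating it as default empty JSON object."^""; $fileContent = "^""{}"^""; }; try { $json = $fileContent | ConvertFrom-Json; } catch { throw "^""Error, invalid JSON format in the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; $existingValue = $json.$settingKey; if ($existingValue -eq $settingValue) { Write-Host "^""Skipping, `"^""$settingKey`"^"" is already configured as `"^""$settingValue`"^""."^""; exit 0; }; $json | Add-Member -Type NoteProperty -Name $settingKey -Value $settingValue -Force; $json | ConvertTo-Json -Depth 100 | Set-Content $jsonFilePath; Write-Host "^""Successfully applied the setting to the file: `"^""$jsonFilePath`"^""."^"""
:: ----------------------------------------------------------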
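

:: Disable fetching release notes from Microsoft servers after an update
echo --- Disable fetching release notes from Microsoft servers after an update
:: Sets update.showReleaseNotes to false in Code\User\settings.json under APPDATA of the account this script runs as.
:: NOTE(review): after elevation with another account's credentials that is not the invoking user's file - confirm.
:: -Depth 100 keeps nested settings intact; ConvertTo-Json's default depth of 2 would flatten deeper objects into strings.
PowerShell -ExecutionPolicy Unrestricted -Command "$settingKey='update.showReleaseNotes'; $settingValue=$false; $jsonFilePath = "^""$($env:APPDATA)\Code\User\settings.json"^""; if (!(Test-Path $jsonFilePath -PathType Leaf)) { Write-Host "^""Skipping, no updates. Settings file was not at `"^""$jsonFilePath`"^""."^""; exit 0; }; try { $fileContent = Get-Content $jsonFilePath -ErrorAction Stop; } catch { throw "^""Error, failed to read the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; if ([string]::IsNullOrWhiteSpace($fileContent)) { Write-Host "^""Settings file is empty. Treating it as default empty JSON object."^""; $fileContent = "^""{}"^""; }; try { $json = $fileContent | ConvertFrom-Json; } catch { throw "^""Error, invalid JSON format in the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; $existingValue = $json.$settingKey; if ($existingValue -eq $settingValue) { Write-Host "^""Skipping, `"^""$settingKey`"^"" is already configured as `"^""$settingValue`"^""."^""; exit 0; }; $json | Add-Member -Type NoteProperty -Name $settingKey -Value $settingValue -Force; $json | ConvertTo-Json -Depth 100 | Set-Content $jsonFilePath; Write-Host "^""Successfully applied the setting to the file: `"^""$jsonFilePath`"^""."^"""
:: ----------------------------------------------------------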
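

:: Disable automatic checking of extension updates from Microsoft online service
echo --- Disable automatic checking of extension updates from Microsoft online service
:: Sets extensions.autoCheckUpdates to false, so the label states that the automatic check is turned off.
:: With the check off, outdated extensions are only noticed when someone looks for updates manually.
:: The file is Code\User\settings.json under APPDATA of the account this script runs as.
:: NOTE(review): after elevation with another account's credentials that is not the invoking user's file - confirm.
:: -Depth 100 keeps nested settings intact; ConvertTo-Json's default depth of 2 would flatten deeper objects into strings.
PowerShell -ExecutionPolicy Unrestricted -Command "$settingKey='extensions.autoCheckUpdates'; $settingValue=$false; $jsonFilePath = "^""$($env:APPDATA)\Code\User\settings.json"^""; if (!(Test-Path $jsonFilePath -PathType Leaf)) { Write-Host "^""Skipping, no updates. Settings file was not at `"^""$jsonFilePath`"^""."^""; exit 0; }; try { $fileContent = Get-Content $jsonFilePath -ErrorAction Stop; } catch { throw "^""Error, failed to read the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; if ([string]::IsNullOrWhiteSpace($fileContent)) { Write-Host "^""Settings file is empty. Treating it as default empty JSON object."^""; $fileContent = "^""{}"^""; }; try { $json = $fileContent | ConvertFrom-Json; } catch { throw "^""Error, invalid JSON format in the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; $existingValue = $json.$settingKey; if ($existingValue -eq $settingValue) { Write-Host "^""Skipping, `"^""$settingKey`"^"" is already configured as `"^""$settingValue`"^""."^""; exit 0; }; $json | Add-Member -Type NoteProperty -Name $settingKey -Value $settingValue -Force; $json | ConvertTo-Json -Depth 100 | Set-Content $jsonFilePath; Write-Host "^""Successfully applied the setting to the file: `"^""$jsonFilePath`"^""."^"""
:: ----------------------------------------------------------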
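

:: ----------------------------------------------------------
:: ---Fetch recommendations from Microsoft only on demand----
:: ----------------------------------------------------------
echo --- Fetch recommendations from Microsoft only on demand
:: Sets extensions.showRecommendationsOnlyOnDemand to true in Code\User\settings.json under APPDATA of the account this script runs as.
:: NOTE(review): after elevation with another account's credentials that is not the invoking user's file - confirm.
:: -Depth 100 keeps nested settings intact; ConvertTo-Json's default depth of 2 would flatten deeper objects into strings.
PowerShell -ExecutionPolicy Unrestricted -Command "$settingKey='extensions.showRecommendationsOnlyOnDemand'; $settingValue=$true; $jsonFilePath = "^""$($env:APPDATA)\Code\User\settings.json"^""; if (!(Test-Path $jsonFilePath -PathType Leaf)) { Write-Host "^""Skipping, no updates. Settings file was not at `"^""$jsonFilePath`"^""."^""; exit 0; }; try { $fileContent = Get-Content $jsonFilePath -ErrorAction Stop; } catch { throw "^""Error, failed to read the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; if ([string]::IsNullOrWhiteSpace($fileContent)) { Write-Host "^""Settings file is empty. Treating it as default empty JSON object."^""; $fileContent = "^""{}"^""; }; try { $json = $fileContent | ConvertFrom-Json; } catch { throw "^""Error, invalid JSON format in the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; $existingValue = $json.$settingKey; if ($existingValue -eq $settingValue) { Write-Host "^""Skipping, `"^""$settingKey`"^"" is already configured as `"^""$settingValue`"^""."^""; exit 0; }; $json | Add-Member -Type NoteProperty -Name $settingKey -Value $settingValue -Force; $json | ConvertTo-Json -Depth 100 | Set-Content $jsonFilePath; Write-Host "^""Successfully applied the setting to the file: `"^""$jsonFilePath`"^""."^"""
:: ----------------------------------------------------------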
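

:: Disable automatic fetching of remote repositories in Visual Studio Code
echo --- Disable automatic fetching of remote repositories in Visual Studio Code
:: Sets git.autofetch to false in Code\User\settings.json under APPDATA of the account this script runs as.
:: NOTE(review): after elevation with another account's credentials that is not the invoking user's file - confirm.
:: -Depth 100 keeps nested settings intact; ConvertTo-Json's default depth of 2 would flatten deeper objects into strings.
PowerShell -ExecutionPolicy Unrestricted -Command "$settingKey='git.autofetch'; $settingValue=$false; $jsonFilePath = "^""$($env:APPDATA)\Code\User\settings.json"^""; if (!(Test-Path $jsonFilePath -PathType Leaf)) { Write-Host "^""Skipping, no updates. Settings file was not at `"^""$jsonFilePath`"^""."^""; exit 0; }; try { $fileContent = Get-Content $jsonFilePath -ErrorAction Stop; } catch { throw "^""Error, failed to read the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; if ([string]::IsNullOrWhiteSpace($fileContent)) { Write-Host "^""Settings file is empty. Treating it as default empty JSON object."^""; $fileContent = "^""{}"^""; }; try { $json = $fileContent | ConvertFrom-Json; } catch { throw "^""Error, invalid JSON format in the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; $existingValue = $json.$settingKey; if ($existingValue -eq $settingValue) { Write-Host "^""Skipping, `"^""$settingKey`"^"" is already configured as `"^""$settingValue`"^""."^""; exit 0; }; $json | Add-Member -Type NoteProperty -Name $settingKey -Value $settingValue -Force; $json | ConvertTo-Json -Depth 100 | Set-Content $jsonFilePath; Write-Host "^""Successfully applied the setting to the file: `"^""$jsonFilePath`"^""."^"""
:: ----------------------------------------------------------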
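

:: Disable fetching package information from NPM and Bower in Visual Studio Code
echo --- Disable fetching package information from NPM and Bower in Visual Studio Code
:: Sets npm.fetchOnlinePackageInfo to false in Code\User\settings.json under APPDATA of the account this script runs as.
:: NOTE(review): after elevation with another account's credentials that is not the invoking user's file - confirm.
:: -Depth 100 keeps nested settings intact; ConvertTo-Json's default depth of 2 would flatten deeper objects into strings.
PowerShell -ExecutionPolicy Unrestricted -Command "$settingKey='npm.fetchOnlinePackageInfo'; $settingValue=$false; $jsonFilePath = "^""$($env:APPDATA)\Code\User\settings.json"^""; if (!(Test-Path $jsonFilePath -PathType Leaf)) { Write-Host "^""Skipping, no updates. Settings file was not at `"^""$jsonFilePath`"^""."^""; exit 0; }; try { $fileContent = Get-Content $jsonFilePath -ErrorAction Stop; } catch { throw "^""Error, failed to read the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; if ([string]::IsNullOrWhiteSpace($fileContent)) { Write-Host "^""Settings file is empty. Treating it as default empty JSON object."^""; $fileContent = "^""{}"^""; }; try { $json = $fileContent | ConvertFrom-Json; } catch { throw "^""Error, invalid JSON format in the settings file: `"^""$jsonFilePath`"^"". Error: $_"^""; }; $existingValue = $json.$settingKey; if ($existingValue -eq $settingValue) { Write-Host "^""Skipping, `"^""$settingKey`"^"" is already configured as `"^""$settingValue`"^""."^""; exit 0; }; $json | Add-Member -Type NoteProperty -Name $settingKey -Value $settingValue -Force; $json | ConvertTo-Json -Depth 100 | Set-Content $jsonFilePath; Write-Host "^""Successfully applied the setting to the file: `"^""$jsonFilePath`"^""."^"""
:: ----------------------------------------------------------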
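

:: ----------------------------------------------------------
:: -------------Disable Microsoft Office logging-------------
:: ----------------------------------------------------------
echo --- Disable Microsoft Office logging
:: Every value below is written as REG_DWORD 0; /f overwrites an existing value without prompting.
:: reg.exe is called directly: a plain registry write needs no PowerShell process or execution-policy override.
:: HKCU resolves to the hive of the account this elevated script runs as.
:: NOTE(review): after elevation with another account's credentials these values do not reach the invoking user's profile - confirm.
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Office\15.0\Outlook\Options\Mail!EnableLogging"
reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Outlook\Options\Mail" /v "EnableLogging" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Mail!EnableLogging"
reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Mail" /v "EnableLogging" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Office\15.0\Outlook\Options\Calendar!EnableCalendarLogging"
reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Outlook\Options\Calendar" /v "EnableCalendarLogging" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Calendar!EnableCalendarLogging"
reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Calendar" /v "EnableCalendarLogging" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Office\15.0\Word\Options!EnableLogging"
reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Word\Options" /v "EnableLogging" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Office\16.0\Word\Options!EnableLogging"
reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Word\Options" /v "EnableLogging" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\OSM!EnableLogging"
reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\OSM" /v "EnableLogging" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\OSM!EnableLogging"
reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\OSM" /v "EnableLogging" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\OSM!EnableUpload"
reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\OSM" /v "EnableUpload" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\OSM!EnableUpload"
reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\OSM" /v "EnableUpload" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------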
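

:: ----------------------------------------------------------
:: --------Disable Microsoft Office client telemetry---------
:: ----------------------------------------------------------
echo --- Disable Microsoft Office client telemetry
:: DisableTelemetry is written as REG_DWORD 1 and VerboseLogging as REG_DWORD 0; /f overwrites without prompting.
:: reg.exe is called directly: a plain registry write needs no PowerShell process or execution-policy override.
:: HKCU resolves to the hive of the account this elevated script runs as.
:: NOTE(review): after elevation with another account's credentials these values do not reach the invoking user's profile - confirm.
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Office\Common\ClientTelemetry!DisableTelemetry"
reg add "HKCU\SOFTWARE\Microsoft\Office\Common\ClientTelemetry" /v "DisableTelemetry" /t REG_DWORD /d 1 /f
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Office\15.0\Common\ClientTelemetry!DisableTelemetry"
reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Common\ClientTelemetry" /v "DisableTelemetry" /t REG_DWORD /d 1 /f
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry!DisableTelemetry"
reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry" /v "DisableTelemetry" /t REG_DWORD /d 1 /f
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Office\Common\ClientTelemetry!VerboseLogging"
reg add "HKCU\SOFTWARE\Microsoft\Office\Common\ClientTelemetry" /v "VerboseLogging" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Office\15.0\Common\ClientTelemetry!VerboseLogging"
reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Common\ClientTelemetry" /v "VerboseLogging" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry!VerboseLogging"
reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry" /v "VerboseLogging" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------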
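

:: Disable user participation in Office Customer Experience Improvement Program (CEIP)
echo --- Disable user participation in Office Customer Experience Improvement Program (CEIP)
:: QMEnable is written as REG_DWORD 0 for Office 15.0 and 16.0; /f overwrites an existing value without prompting.
:: reg.exe is called directly: a plain registry write needs no PowerShell process or execution-policy override.
:: HKCU resolves to the hive of the account this elevated script runs as.
:: NOTE(review): after elevation with another account's credentials these values do not reach the invoking user's profile - confirm.
:: Set the registry value: "HKCU\Software\Policies\Microsoft\Office\15.0\Common!QMEnable"
reg add "HKCU\Software\Policies\Microsoft\Office\15.0\Common" /v "QMEnable" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKCU\Software\Policies\Microsoft\Office\16.0\Common!QMEnable"
reg add "HKCU\Software\Policies\Microsoft\Office\16.0\Common" /v "QMEnable" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------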
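

:: ----------------------------------------------------------
:: ------------Disable Microsoft Office feedback-------------
:: ----------------------------------------------------------
echo --- Disable Microsoft Office feedback
:: Enabled is written as REG_DWORD 0 for Office 15.0 and 16.0; /f overwrites an existing value without prompting.
:: reg.exe is called directly: a plain registry write needs no PowerShell process or execution-policy override.
:: HKCU resolves to the hive of the account this elevated script runs as.
:: NOTE(review): after elevation with another account's credentials these values do not reach the invoking user's profile - confirm.
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Feedback!Enabled"
reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Feedback" /v "Enabled" /t REG_DWORD /d 0 /f
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Feedback!Enabled"
reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Feedback" /v "Enabled" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------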
3507
 
3508
 
3509
:: ----------------------------------------------------------
3510
:: ---------Disable Microsoft Office telemetry agent---------
3511
:: ----------------------------------------------------------
3512
echo --- Disable Microsoft Office telemetry agent
3513
:: Disable scheduled task(s): `\Microsoft\Office\OfficeTelemetryAgentFallBack`
3514
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Office\'; $taskNamePattern='OfficeTelemetryAgentFallBack'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
3515
:: Disable scheduled task(s): `\Microsoft\Office\OfficeTelemetryAgentFallBack2016`
3516
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Office\'; $taskNamePattern='OfficeTelemetryAgentFallBack2016'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Office\OfficeTelemetryAgentLogOn`
:: Disables `\Microsoft\Office\OfficeTelemetryAgentLogOn` if it exists and is not
:: already Disabled. `-ErrorAction Ignore` on the lookup makes a missing task a
:: silent skip (exit 0) instead of an error. A failed disable ends in exit 1.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Office\'; $taskNamePattern='OfficeTelemetryAgentLogOn'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Office\OfficeTelemetryAgentLogOn2016`
:: Disables `\Microsoft\Office\OfficeTelemetryAgentLogOn2016` if it exists and is
:: not already Disabled. Exit code: 0 when nothing had to be done or everything
:: succeeded, 1 when at least one Disable-ScheduledTask call failed.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Office\'; $taskNamePattern='OfficeTelemetryAgentLogOn2016'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --Disable "Microsoft Office Subscription Heartbeat" task--
:: ----------------------------------------------------------
echo --- Disable "Microsoft Office Subscription Heartbeat" task
:: Disable scheduled task(s): `\Microsoft\Office\Office 15 Subscription Heartbeat`
:: Disables the task `Office 15 Subscription Heartbeat` under `\Microsoft\Office\`.
:: Only this exact name is requested, so a task registered under a different name
:: is not touched and is reported as "no tasks matching". The task is disabled,
:: not deleted. A failed disable is written as an error and the command exits 1.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Office\'; $taskNamePattern='Office 15 Subscription Heartbeat'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------Disable "Google Update Service" services---------
:: ----------------------------------------------------------
echo --- Disable "Google Update Service" services
:: Disable service(s): `gupdate`
:: Disables the `gupdate` service in the four steps numbered inside the command:
:: exit 0 if the service does not exist; stop it if running (a failed stop is only
:: a warning); exit 0 if the start type is already Disabled, reading StartMode
:: through WMI when StartType is empty; otherwise set the startup type to Disabled.
:: A failure in the last step is reported with Write-Error only; no explicit exit
:: code is set for it.
:: Security caveat: this is an update service. With it disabled, software that
:: depends on it stops updating automatically, security fixes included, and has
:: to be patched by other means.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'gupdate'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: Disable service(s): `gupdatem`
:: Disables the `gupdatem` service: skip if absent, stop if running (`-Force`, a
:: failed stop only warns), skip if already Disabled, else Set-Service
:: -StartupType Disabled. The service stays installed, only its start type changes.
:: Security caveat: this is an update service; disabling it also stops automatic
:: delivery of security fixes for software that relies on it.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'gupdatem'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------
 
 
:: Disable Google automatic updates scheduled tasks (breaks Google Credential Provider)
echo --- Disable Google automatic updates scheduled tasks (breaks Google Credential Provider)
:: Disable scheduled task(s): `\GoogleUpdateTaskMachineCore`
:: Disables the root-folder (`\`) task `GoogleUpdateTaskMachineCore` if present and
:: not already Disabled; a failed disable ends in exit 1.
:: Security caveat: this task belongs to Google's automatic updates. With it
:: disabled, software that depends on it no longer receives updates automatically,
:: security fixes included. The task is only disabled, so it can be re-enabled.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\'; $taskNamePattern='GoogleUpdateTaskMachineCore'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\GoogleUpdateTaskMachineUA`
:: Disables the root-folder (`\`) task `GoogleUpdateTaskMachineUA` if present and
:: not already Disabled; a failed disable ends in exit 1.
:: Security caveat: this is an automatic-update task; once disabled, updates
:: (security fixes included) for software that relies on it must be applied by
:: other means.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\'; $taskNamePattern='GoogleUpdateTaskMachineUA'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\GoogleUpdateTaskMachineCore{*}`
:: Disables root-folder tasks matching `GoogleUpdateTaskMachineCore{*}`. The `*` is
:: intended as a wildcard, so task names with any brace-enclosed suffix match.
:: Every match is processed in the loop; one failure does not stop the others, but
:: it makes the command exit 1 at the end.
:: Security caveat: these are automatic-update tasks; disabling them stops automatic
:: delivery of security fixes for software that relies on them.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\'; $taskNamePattern='GoogleUpdateTaskMachineCore{*}'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\GoogleUpdateTaskMachineUA{*}`
:: Disables root-folder tasks matching `GoogleUpdateTaskMachineUA{*}` (the `*` is
:: intended as a wildcard for the brace-enclosed suffix). Tasks already Disabled
:: are skipped; any failed disable makes the command exit 1.
:: Security caveat: these are automatic-update tasks; with them disabled, security
:: fixes for software that relies on them are no longer installed automatically.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\'; $taskNamePattern='GoogleUpdateTaskMachineUA{*}'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable "Adobe Acrobat Update Service" service------
:: ----------------------------------------------------------
echo --- Disable "Adobe Acrobat Update Service" service
:: Disable service(s): `AdobeARMservice`
:: Disables the `AdobeARMservice` service: exit 0 if it does not exist; stop it if
:: running (a failed stop only warns); exit 0 if already Disabled (StartMode is
:: read through WMI when StartType is empty); otherwise set the startup type to
:: Disabled. A failure of Set-Service is reported with Write-Error only.
:: Security caveat: this is the update service for Adobe Acrobat. With it disabled
:: the product no longer updates itself, so security fixes have to be installed
:: by other means.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'AdobeARMservice'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable "Adobe Update Service" service----------
:: ----------------------------------------------------------
echo --- Disable "Adobe Update Service" service
:: Disable service(s): `adobeupdateservice`
:: Disables the `adobeupdateservice` service: skip if absent, stop if running
:: (a failed stop only warns), skip if already Disabled, else Set-Service
:: -StartupType Disabled. The service stays installed, only its start type changes.
:: Security caveat: this is an update service; with it disabled, software that
:: depends on it no longer receives security fixes automatically.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'adobeupdateservice'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----Disable "Adobe Acrobat Update Task" scheduled task----
:: ----------------------------------------------------------
echo --- Disable "Adobe Acrobat Update Task" scheduled task
:: Disable scheduled task(s): `\Adobe Acrobat Update Task`
:: Disables the root-folder (`\`) task `Adobe Acrobat Update Task` if present and
:: not already Disabled; a failed disable ends in exit 1.
:: Security caveat: this is the scheduled update check for Adobe Acrobat. With it
:: disabled, security fixes are no longer picked up automatically and have to be
:: installed by other means. The task is only disabled, so it can be re-enabled.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\'; $taskNamePattern='Adobe Acrobat Update Task'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Disable "Dropbox Update Service" services---------
:: ----------------------------------------------------------
echo --- Disable "Dropbox Update Service" services
:: Disable service(s): `dbupdate`
:: Disables the `dbupdate` service: exit 0 if it does not exist; stop it if running
:: (a failed stop only warns); exit 0 if already Disabled (StartMode is read through
:: WMI when StartType is empty); otherwise set the startup type to Disabled.
:: A failure of Set-Service is reported with Write-Error only.
:: Security caveat: this is the Dropbox update service. With it disabled, Dropbox
:: no longer updates itself, so security fixes have to be installed by other means.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'dbupdate'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: Disable service(s): `dbupdatem`
:: Disables the `dbupdatem` service: skip if absent, stop if running (a failed stop
:: only warns), skip if already Disabled, else Set-Service -StartupType Disabled.
:: The service stays installed, only its start type changes.
:: Security caveat: this is a Dropbox update service; disabling it also stops
:: automatic delivery of security fixes.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'dbupdatem'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----Disable Dropbox automatic updates scheduled tasks-----
:: ----------------------------------------------------------
echo --- Disable Dropbox automatic updates scheduled tasks
:: Disable scheduled task(s): `\DropboxUpdateTaskMachineUA`
:: Disables the root-folder (`\`) task `DropboxUpdateTaskMachineUA` if present and
:: not already Disabled; a failed disable ends in exit 1.
:: Security caveat: this task belongs to Dropbox's automatic updates. With it
:: disabled, security fixes are no longer installed automatically. The task is
:: only disabled, so it can be re-enabled.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\'; $taskNamePattern='DropboxUpdateTaskMachineUA'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\DropboxUpdateTaskMachineCore`
:: Disables the root-folder (`\`) task `DropboxUpdateTaskMachineCore` if present and
:: not already Disabled; a failed disable ends in exit 1.
:: Security caveat: this is an automatic-update task; once disabled, Dropbox
:: updates (security fixes included) must be applied by other means.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\'; $taskNamePattern='DropboxUpdateTaskMachineCore'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable sending Windows Media Player statistics------
:: ----------------------------------------------------------
echo --- Disable sending Windows Media Player statistics
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\MediaPlayer\Preferences!UsageTracking"
:: Writes DWORD `UsageTracking` = 0 under HKCU\SOFTWARE\Microsoft\MediaPlayer\Preferences.
:: `/f` overwrites an existing value without prompting. `$registryPath` is assigned
:: but not used: the key path is repeated literally in the `reg add` call.
:: NOTE(review): the script runs elevated (see the admin check at the top of the
:: file), so HKCU is the hive of the elevated account. If elevation used a different
:: admin account, the logged-on user's profile is left unchanged - confirm per
:: deployment.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\MediaPlayer\Preferences'; $data =  '0'; reg add 'HKCU\SOFTWARE\Microsoft\MediaPlayer\Preferences' /v 'UsageTracking' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------------Disable metadata retrieval----------------
:: ----------------------------------------------------------
echo --- Disable metadata retrieval
:: Set the registry value: "HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventCDDVDMetadataRetrieval"
:: Writes DWORD `PreventCDDVDMetadataRetrieval` = 1 under
:: HKCU\Software\Policies\Microsoft\WindowsMediaPlayer (a per-user policy key);
:: `/f` overwrites without prompting. `$registryPath` is assigned but unused.
:: NOTE(review): run elevated, HKCU refers to the elevated account's hive, which
:: is not necessarily the logged-on user's - confirm per deployment.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Policies\Microsoft\WindowsMediaPlayer'; $data =  '1'; reg add 'HKCU\Software\Policies\Microsoft\WindowsMediaPlayer' /v 'PreventCDDVDMetadataRetrieval' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventMusicFileMetadataRetrieval"
:: Writes DWORD `PreventMusicFileMetadataRetrieval` = 1 under
:: HKCU\Software\Policies\Microsoft\WindowsMediaPlayer; `/f` overwrites without
:: prompting. `$registryPath` is assigned but unused.
:: NOTE(review): run elevated, HKCU refers to the elevated account's hive, which
:: is not necessarily the logged-on user's - confirm per deployment.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Policies\Microsoft\WindowsMediaPlayer'; $data =  '1'; reg add 'HKCU\Software\Policies\Microsoft\WindowsMediaPlayer' /v 'PreventMusicFileMetadataRetrieval' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventRadioPresetsRetrieval"
:: Writes DWORD `PreventRadioPresetsRetrieval` = 1 under
:: HKCU\Software\Policies\Microsoft\WindowsMediaPlayer; `/f` overwrites without
:: prompting. `$registryPath` is assigned but unused.
:: NOTE(review): run elevated, HKCU refers to the elevated account's hive, which
:: is not necessarily the logged-on user's - confirm per deployment.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Policies\Microsoft\WindowsMediaPlayer'; $data =  '1'; reg add 'HKCU\Software\Policies\Microsoft\WindowsMediaPlayer' /v 'PreventRadioPresetsRetrieval' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\WMDRM!DisableOnline"
:: Writes DWORD `DisableOnline` = 1 under HKLM\SOFTWARE\Policies\Microsoft\WMDRM.
:: Unlike the HKCU values set in this section, this key is machine-wide and applies
:: to every account. `/f` overwrites without prompting; `$registryPath` is assigned
:: but unused.
:: NOTE(review): presumably blocks Windows Media DRM from going online, which may
:: also prevent licence acquisition for protected media - confirm before rollout.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\WMDRM'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\WMDRM' /v 'DisableOnline' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable "Windows Media Player Network Sharing Service" (`WMPNetworkSvc`)
echo --- Disable "Windows Media Player Network Sharing Service" (`WMPNetworkSvc`)
:: Disable service(s): `WMPNetworkSvc`
:: Disables the `WMPNetworkSvc` service: exit 0 if it does not exist; stop it if
:: running (`-Force`; a failed stop only warns and the message defers the stop to
:: the next reboot); exit 0 if already Disabled (StartMode is read through WMI when
:: StartType is empty); otherwise set the startup type to Disabled.
:: A failure of Set-Service is reported with Write-Error only; no explicit exit
:: code is set for it.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'WMPNetworkSvc'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable "NVIDIA Telemetry Report" task----------
:: ----------------------------------------------------------
echo --- Disable "NVIDIA Telemetry Report" task
:: Disable scheduled task(s): `\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}`
:: Disables the root-folder (`\`) task `NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}`
:: if present and not already Disabled. The name carries a fixed GUID suffix, so a
:: task registered under a different suffix is not matched and the command reports
:: "no tasks matching" and exits 0. A failed disable ends in exit 1.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\'; $taskNamePattern='NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable "NVIDIA Telemetry Report on Logon" task------
:: ----------------------------------------------------------
echo --- Disable "NVIDIA Telemetry Report on Logon" task
:: Disable scheduled task(s): `\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}`
3651
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\'; $taskNamePattern='NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
3652
:: ----------------------------------------------------------
3653
 
3654
 
3655
:: ----------------------------------------------------------
:: ---------Disable "NVIDIA telemetry monitor" task----------
:: ----------------------------------------------------------
echo --- Disable "NVIDIA telemetry monitor" task
:: Disable scheduled task(s): `\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}`
:: Same lookup-and-disable logic as the other NVIDIA task sections; only the task name differs.
:: Each task is disabled inside try/catch, so one failure is logged and the loop continues.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\'; $taskNamePattern='NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ---------------Disable Edge Follow feature----------------
:: ----------------------------------------------------------
echo --- Disable Edge Follow feature
:: Configure "EdgeFollowEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!EdgeFollowEnabled"
:: Writes REG_DWORD 0; `/f` overwrites an existing value without prompting.
:: The key is under HKLM, so the setting is machine-wide and relies on the elevation
:: check at the top of the script.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'EdgeFollowEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -------------Disable Edge Shopping Assistant--------------
:: ----------------------------------------------------------
echo --- Disable Edge Shopping Assistant
:: Configure "EdgeShoppingAssistantEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!EdgeShoppingAssistantEnabled"
:: Writes REG_DWORD 0 under the machine-wide Edge policy key.
:: `$registryPath` is assigned but not used; the `reg add` call repeats the literal path.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'EdgeShoppingAssistantEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ------------Disable Edge Search bar on desktop------------
:: ----------------------------------------------------------
echo --- Disable Edge Search bar on desktop
:: Four policy values are written, two `WebWidget*` and two `Searchbar*` names, all as REG_DWORD 0.
:: NOTE(review): presumably both naming generations of the same feature are covered - confirm.
:: Each command runs independently and no exit code is checked, so a failed write
:: does not stop the remaining ones.
:: Configure "WebWidgetAllowed" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!WebWidgetAllowed"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'WebWidgetAllowed' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Configure "WebWidgetIsEnabledOnStartup" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!WebWidgetIsEnabledOnStartup"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'WebWidgetIsEnabledOnStartup' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Configure "SearchbarAllowed" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!SearchbarAllowed"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'SearchbarAllowed' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Configure "SearchbarIsEnabledOnStartup" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!SearchbarIsEnabledOnStartup"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'SearchbarIsEnabledOnStartup' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: --------------Disable Edge Microsoft Rewards--------------
:: ----------------------------------------------------------
echo --- Disable Edge Microsoft Rewards
:: Configure "ShowMicrosoftRewards" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!ShowMicrosoftRewards"
:: Writes REG_DWORD 0 under the machine-wide Edge policy key.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'ShowMicrosoftRewards' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting Edge for changes to take effect
:: Informational only: `$warn` is hard-coded to `$false`, so the Write-Warning branch never runs,
:: and the note is printed whether or not the `reg add` above succeeded.
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart Microsoft Edge.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -------Disable Edge Bing suggestions in address bar-------
:: ----------------------------------------------------------
echo --- Disable Edge Bing suggestions in address bar
:: Configure "AddressBarMicrosoftSearchInBingProviderEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!AddressBarMicrosoftSearchInBingProviderEnabled"
:: Writes REG_DWORD 0 under the machine-wide Edge policy key.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'AddressBarMicrosoftSearchInBingProviderEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting Edge for changes to take effect
:: Printed unconditionally; the result of the `reg add` above is not checked first.
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart Microsoft Edge.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -------Disable Edge "Find on Page" data collection--------
:: ----------------------------------------------------------
echo --- Disable Edge "Find on Page" data collection
:: Configure "RelatedMatchesCloudServiceEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!RelatedMatchesCloudServiceEnabled"
:: Writes REG_DWORD 0. NOTE(review): the value name suggests a cloud service behind
:: find-on-page "related matches"; confirm the exact data flow against the Edge policy reference.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'RelatedMatchesCloudServiceEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -------Disable Edge sign-in prompt on new tab page--------
:: ----------------------------------------------------------
echo --- Disable Edge sign-in prompt on new tab page
:: Configure "SignInCtaOnNtpEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!SignInCtaOnNtpEnabled"
:: Writes REG_DWORD 0 under the machine-wide Edge policy key.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'SignInCtaOnNtpEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting Edge for changes to take effect
:: Informational only; `$warn` is `$false`, so the message goes to normal output, not the warning stream.
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart Microsoft Edge.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ---------Disable Edge search and site suggestions---------
:: ----------------------------------------------------------
echo --- Disable Edge search and site suggestions
:: Configure "SearchSuggestEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!SearchSuggestEnabled"
:: Writes REG_DWORD 0. NOTE(review): presumably this stops typed address-bar text from being
:: sent to the search provider for suggestions - confirm against the Edge policy reference.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'SearchSuggestEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ----Disable outdated Edge automatic image enhancement-----
:: ----------------------------------------------------------
echo --- Disable outdated Edge automatic image enhancement
:: Configure "EdgeEnhanceImagesEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!EdgeEnhanceImagesEnabled"
:: Writes REG_DWORD 0. The title marks the feature as outdated.
:: NOTE(review): the value may be ignored by current Edge builds; verify before relying on it.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'EdgeEnhanceImagesEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -------Disable Edge quick links on the new tab page-------
:: ----------------------------------------------------------
echo --- Disable Edge quick links on the new tab page
:: Configure "NewTabPageQuickLinksEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!NewTabPageQuickLinksEnabled"
:: Writes REG_DWORD 0 under the machine-wide Edge policy key; `/f` replaces any existing value.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'NewTabPageQuickLinksEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: --Disable Edge remote background images on new tab page---
:: ----------------------------------------------------------
echo --- Disable Edge remote background images on new tab page
:: Configure "NewTabPageAllowedBackgroundTypes" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!NewTabPageAllowedBackgroundTypes"
:: Unlike the on/off policies in this file, `$data` is 1 here.
:: NOTE(review): presumably the value selects which background types are allowed rather than
:: acting as a switch - confirm that 1 is the setting that excludes the remote image.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'NewTabPageAllowedBackgroundTypes' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -------------Disable Edge Collections feature-------------
:: ----------------------------------------------------------
echo --- Disable Edge Collections feature
:: Configure "EdgeCollectionsEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!EdgeCollectionsEnabled"
:: Writes REG_DWORD 0 under the machine-wide Edge policy key.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'EdgeCollectionsEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting Edge for changes to take effect
:: Printed unconditionally; the result of the `reg add` above is not checked first.
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart Microsoft Edge.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -Disable Edge failed page data collection and suggestions-
:: ----------------------------------------------------------
echo --- Disable Edge failed page data collection and suggestions
:: Configure "AlternateErrorPagesEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!AlternateErrorPagesEnabled"
:: Writes REG_DWORD 0. NOTE(review): presumably this stops failed navigations from being sent
:: to a web service that suggests alternatives - confirm against the Edge policy reference.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'AlternateErrorPagesEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -------------Disable outdated Edge games menu-------------
:: ----------------------------------------------------------
echo --- Disable outdated Edge games menu
:: Configure "AllowGamesMenu" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!AllowGamesMenu"
:: Writes REG_DWORD 0. The title marks the feature as outdated.
:: NOTE(review): the value may be ignored by current Edge builds; verify before relying on it.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'AllowGamesMenu' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting Edge for changes to take effect
:: Informational only; `$warn` is `$false`, so the Write-Warning branch never runs.
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart Microsoft Edge.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ---------------Disable Edge in-app support----------------
:: ----------------------------------------------------------
echo --- Disable Edge in-app support
:: Configure "InAppSupportEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!InAppSupportEnabled"
:: Writes REG_DWORD 0 under the machine-wide Edge policy key.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'InAppSupportEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting Edge for changes to take effect
:: Printed unconditionally; the result of the `reg add` above is not checked first.
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart Microsoft Edge.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: --------Disable Edge payment data storage and ads---------
:: ----------------------------------------------------------
echo --- Disable Edge payment data storage and ads
:: Configure "AutofillCreditCardEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!AutofillCreditCardEnabled"
:: Writes REG_DWORD 0. The title also mentions ads, but this is the only value the section sets.
:: NOTE(review): card data already saved in existing profiles is presumably not removed by a
:: policy change - confirm and clear it separately if that matters.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'AutofillCreditCardEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ------------Disable Edge address data storage-------------
:: ----------------------------------------------------------
echo --- Disable Edge address data storage
:: Configure "AutofillAddressEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!AutofillAddressEnabled"
:: Writes REG_DWORD 0 under the machine-wide Edge policy key.
:: NOTE(review): addresses already saved in existing profiles are presumably left in place - confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'AutofillAddressEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: --Disable Edge experimentation and remote configuration---
:: ----------------------------------------------------------
echo --- Disable Edge experimentation and remote configuration
:: Configure "ExperimentationAndConfigurationServiceControl" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!ExperimentationAndConfigurationServiceControl"
:: Writes REG_DWORD 0. NOTE(review): the name ends in "Control", so the value is presumably a
:: mode selector rather than a boolean; confirm that 0 also blocks remotely delivered
:: configuration and that losing such payloads is acceptable for this fleet.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'ExperimentationAndConfigurationServiceControl' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: --------------Disable Edge automatic startup--------------
:: ----------------------------------------------------------
echo --- Disable Edge automatic startup
:: Configure "StartupBoostEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!StartupBoostEnabled"
:: Writes REG_DWORD 0. Only the Startup Boost policy is set here; other ways Edge can start
:: on its own are not touched by this section.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'StartupBoostEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: --------Disable Edge external connectivity checks---------
:: ----------------------------------------------------------
echo --- Disable Edge external connectivity checks
:: Configure "ResolveNavigationErrorsUseWebService" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!ResolveNavigationErrorsUseWebService"
:: Writes REG_DWORD 0. NOTE(review): this may also change how Edge detects captive portals on
:: guest or hotel networks - confirm on a test device.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'ResolveNavigationErrorsUseWebService' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -----------Disable Edge Family Safety settings------------
:: ----------------------------------------------------------
echo --- Disable Edge Family Safety settings
:: Configure "FamilySafetySettingsEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!FamilySafetySettingsEnabled"
:: Writes REG_DWORD 0 machine-wide, so it applies to every account on the device.
:: NOTE(review): on a shared or family PC this presumably removes the Family Safety controls
:: from Edge for child accounts as well - confirm that is intended before applying.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'FamilySafetySettingsEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ----Disable Edge site information gathering from Bing-----
:: ----------------------------------------------------------
echo --- Disable Edge site information gathering from Bing
:: Configure "SiteSafetyServicesEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!SiteSafetyServicesEnabled"
:: Writes REG_DWORD 0. NOTE(review): despite "Safety" in the name, this is presumably separate
:: from SmartScreen; confirm that URL reputation checks stay enabled after the change.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'SiteSafetyServicesEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -----Disable Edge (Legacy) Live Tile data collection------
:: ----------------------------------------------------------
echo --- Disable Edge (Legacy) Live Tile data collection
:: Configure "PreventLiveTileDataCollection" Edge (Legacy) policy
:: The value name is "Prevent...", so 1 (not 0) is the value written here.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main!PreventLiveTileDataCollection"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main' /v 'PreventLiveTileDataCollection' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main!PreventLiveTileDataCollection"
:: HKCU is the hive of the account the elevated script runs as. If elevation used different
:: credentials than the signed-in user, this write lands in the administrator's profile instead.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main'; $data =  '1'; reg add 'HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main' /v 'PreventLiveTileDataCollection' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ---------Disable Edge (Legacy) search suggestions---------
:: ----------------------------------------------------------
echo --- Disable Edge (Legacy) search suggestions
:: Configure "ShowSearchSuggestionsGlobal" Edge (Legacy) policy
:: The same value (REG_DWORD 0) is written twice: to the machine policy key and to the
:: per-user AppContainer storage key of the legacy Edge package.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\SearchScopes!ShowSearchSuggestionsGlobal"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\SearchScopes'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\SearchScopes' /v 'ShowSearchSuggestionsGlobal' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\SearchScopes!ShowSearchSuggestionsGlobal"
:: HKCU resolves to the elevated account's hive; other user profiles on the machine are not changed.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\SearchScopes'; $data =  '0'; reg add 'HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\SearchScopes' /v 'ShowSearchSuggestionsGlobal' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ----------Disable Edge (Legacy) Books telemetry-----------
:: ----------------------------------------------------------
echo --- Disable Edge (Legacy) Books telemetry
:: Configure "EnableExtendedBooksTelemetry" Edge (Legacy) policy
:: REG_DWORD 0 is written to the machine policy key and to the per-user AppContainer
:: storage key of the legacy Edge package.
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\BooksLibrary!EnableExtendedBooksTelemetry"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\BooksLibrary'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\BooksLibrary' /v 'EnableExtendedBooksTelemetry' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BooksLibrary!EnableExtendedBooksTelemetry"
:: HKCU resolves to the elevated account's hive; other user profiles on the machine are not changed.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BooksLibrary'; $data =  '0'; reg add 'HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BooksLibrary' /v 'EnableExtendedBooksTelemetry' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ----------Disable Internet Explorer geolocation-----------
:: ----------------------------------------------------------
echo --- Disable Internet Explorer geolocation
:: Set the registry value: "HKCU\Software\Policies\Microsoft\Internet Explorer\Geolocation!PolicyDisableGeolocation"
:: Writes REG_DWORD 1 ("Disable..." polarity) to a per-user policy key only; no HKLM value is set.
:: HKCU resolves to the account the elevated script runs as, so other users keep their setting.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Policies\Microsoft\Internet Explorer\Geolocation'; $data =  '1'; reg add 'HKCU\Software\Policies\Microsoft\Internet Explorer\Geolocation' /v 'PolicyDisableGeolocation' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -------Disable Internet Explorer InPrivate logging--------
:: ----------------------------------------------------------
echo --- Disable Internet Explorer InPrivate logging
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableLogging"
:: Writes REG_DWORD 1 ("Disable..." polarity) under the machine-wide IE policy key.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Safety\PrivacIE'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Safety\PrivacIE' /v 'DisableLogging' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: Disable Internet Explorer Customer Experience Improvement Program (CEIP) participation
echo --- Disable Internet Explorer Customer Experience Improvement Program (CEIP) participation
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\SQM!DisableCustomerImprovementProgram"
:: NOTE(review): 0 is written to a value named "Disable...", which reads as inverted next to the
:: other "Disable"/"Prevent" values in this file that are set to 1. The IE policy template is
:: understood to use 0 for "prevent participation"; confirm against inetres.admx before changing it.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\SQM'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\SQM' /v 'DisableCustomerImprovementProgram' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -------------Disable legacy WCM policy calls--------------
:: ----------------------------------------------------------
echo --- Disable legacy WCM policy calls
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!CallLegacyWCMPolicies"
:: Writes REG_DWORD 0. This key is shared with the SSLv3 and certificate-error sections below,
:: so a review of one of these values should look at all three.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' /v 'CallLegacyWCMPolicies' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ------------------Disable SSLv3 fallback------------------
:: ----------------------------------------------------------
echo --- Disable SSLv3 fallback
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableSSL3Fallback"
:: Writes REG_DWORD 0 ("Enable..." polarity, so 0 turns the fallback off).
:: Hardening rather than privacy: protocol fallback to SSL 3.0 is what downgrade attacks such as
:: POODLE depend on. A legacy server that only speaks SSL 3.0 will stop being reachable.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' /v 'EnableSSL3Fallback' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ------------Disable certificate error ignoring------------
:: ----------------------------------------------------------
echo --- Disable certificate error ignoring
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!PreventIgnoreCertErrors"
:: Writes REG_DWORD 1 ("Prevent..." polarity): users can no longer click through certificate warnings.
:: NOTE(review): internal sites with self-signed or expired certificates will become unreachable
:: until their certificates are fixed or trusted; inventory those before rollout.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' /v 'PreventIgnoreCertErrors' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
3994
:: ------Disable outdated Chrome Software Reporter Tool------
3995
:: ----------------------------------------------------------
3996
echo --- Disable outdated Chrome Software Reporter Tool
3997
:: Check and terminate the running process "software_reporter_tool.exe"
3998
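:: Probe for the process first and branch only on the result of `find`.
:: With the chained "probe, then kill, else skip" form, a failing taskkill also ran the
:: "not running" branch and hid the failure; here taskkill reports its own error instead.
tasklist /fi "ImageName eq software_reporter_tool.exe" /fo csv 2>NUL | find /i "software_reporter_tool.exe">NUL
if errorlevel 1 (
    echo Skipping, software_reporter_tool.exe is not running.
) else (
    echo software_reporter_tool.exe is running and will be killed.
    taskkill /f /im software_reporter_tool.exe
)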
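:: Configure termination of "software_reporter_tool.exe" immediately upon its startup
:: (Windows starts the program named in the "Debugger" value, here taskkill.exe, in place of the executable, so the executable never actually runs.)
:: Security monitoring commonly alerts on new "Debugger" values under Image File Execution Options; record this change as intentional so such alerts can be triaged.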
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\software_reporter_tool.exe!Debugger"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\software_reporter_tool.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\software_reporter_tool.exe' /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Add a rule to prevent the executable "software_reporter_tool.exe" from running via File Explorer
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='software_reporter_tool.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
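:: Reads the DisallowRun DWORD under the Explorer policies key and creates it or sets it to 1.
:: The "unexpected value" message is a double-quoted PowerShell string so that
:: $currentDisallowRunPolicyValue is expanded in the output instead of being printed literally.
:: NOTE(review): HKCU: resolves to the hive of the account this elevated script runs as; if
:: elevation was granted with a different administrator account, the policy is written to that
:: account's profile rather than the interactive user's. Confirm on multi-account machines.
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output "^""Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^""."^""; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"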
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Disable Chrome metrics reporting-------------
:: ----------------------------------------------------------
echo --- Disable Chrome metrics reporting
:: Configure "MetricsReportingEnabled" Chrome policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Google\Chrome!MetricsReportingEnabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Google\Chrome'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Google\Chrome' /v 'MetricsReportingEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting Chrome for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart Google Chrome.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: Disable Firefox default browser and system data reporting-
:: ----------------------------------------------------------
echo --- Disable Firefox default browser and system data reporting
:: Set the registry value: "HKLM\SOFTWARE\Policies\Mozilla\Firefox!DisableDefaultBrowserAgent"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Mozilla\Firefox'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Mozilla\Firefox' /v 'DisableDefaultBrowserAgent' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Disable Firefox background browser checks---------
:: ----------------------------------------------------------
echo --- Disable Firefox background browser checks
:: Disable scheduled task(s): `\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB`
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Mozilla\'; $taskNamePattern='Firefox Default Browser Agent 308046B0AF4A39CB'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Mozilla\Firefox Default Browser Agent D2CEEC440E2074BD`
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Mozilla\'; $taskNamePattern='Firefox Default Browser Agent D2CEEC440E2074BD'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Disable Firefox telemetry data collection---------
:: ----------------------------------------------------------
echo --- Disable Firefox telemetry data collection
:: Set the registry value: "HKLM\SOFTWARE\Policies\Mozilla\Firefox!DisableTelemetry"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Mozilla\Firefox'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Mozilla\Firefox' /v 'DisableTelemetry' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------Disable Edge diagnostic data sending-----------
:: ----------------------------------------------------------
echo --- Disable Edge diagnostic data sending
:: Configure "DiagnosticData" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!DiagnosticData"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'DiagnosticData' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting Edge for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart Microsoft Edge.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Disable outdated Edge metrics data sending--------
:: ----------------------------------------------------------
echo --- Disable outdated Edge metrics data sending
:: Configure "MetricsReportingEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!MetricsReportingEnabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'MetricsReportingEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting Edge for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart Microsoft Edge.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable outdated Edge site information sending------
:: ----------------------------------------------------------
echo --- Disable outdated Edge site information sending
:: Configure "SendSiteInfoToImproveServices" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!SendSiteInfoToImproveServices"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'SendSiteInfoToImproveServices' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting Edge for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart Microsoft Edge.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------------------Disable Edge Feedback-------------------
:: ----------------------------------------------------------
echo --- Disable Edge Feedback
:: Configure "UserFeedbackAllowed" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!UserFeedbackAllowed"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Edge'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Edge' /v 'UserFeedbackAllowed' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting Edge for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart Microsoft Edge.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable Edge automatic update services----------
:: ----------------------------------------------------------
echo --- Disable Edge automatic update services
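:: Disable service(s): `edgeupdate`
:: With the updater service disabled, Microsoft Edge stops installing security updates on its own; keep the browser patched by another route while this is in effect.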
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'edgeupdate'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: Disable service(s): `edgeupdatem`
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'edgeupdatem'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable Edge automatic update scheduled tasks-------
:: ----------------------------------------------------------
echo --- Disable Edge automatic update scheduled tasks
:: Disable scheduled task(s): `\MicrosoftEdgeUpdateTaskMachineCore{*}`
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\'; $taskNamePattern='MicrosoftEdgeUpdateTaskMachineCore{*}'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\MicrosoftEdgeUpdateTaskMachineUA{*}`
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\'; $taskNamePattern='MicrosoftEdgeUpdateTaskMachineUA{*}'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Disable Edge update executable--------------
:: ----------------------------------------------------------
echo --- Disable Edge update executable
:: Check and terminate the running process "MicrosoftEdgeUpdate.exe"
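:: Probe for the process first and branch only on the result of `find`.
:: With the chained "probe, then kill, else skip" form, a failing taskkill also ran the
:: "not running" branch and hid the failure; here taskkill reports its own error instead.
tasklist /fi "ImageName eq MicrosoftEdgeUpdate.exe" /fo csv 2>NUL | find /i "MicrosoftEdgeUpdate.exe">NUL
if errorlevel 1 (
    echo Skipping, MicrosoftEdgeUpdate.exe is not running.
) else (
    echo MicrosoftEdgeUpdate.exe is running and will be killed.
    taskkill /f /im MicrosoftEdgeUpdate.exe
)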
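:: Configure termination of "MicrosoftEdgeUpdate.exe" immediately upon its startup
:: (Windows starts the program named in the "Debugger" value, here taskkill.exe, in place of the executable, so the updater never actually runs and Edge receives no further updates through it.)
:: Security monitoring commonly alerts on new "Debugger" values under Image File Execution Options; record this change as intentional so such alerts can be triaged.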
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe!Debugger"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe' /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Add a rule to prevent the executable "MicrosoftEdgeUpdate.exe" from running via File Explorer
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='MicrosoftEdgeUpdate.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
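:: Reads the DisallowRun DWORD under the Explorer policies key and creates it or sets it to 1.
:: The "unexpected value" message is a double-quoted PowerShell string so that
:: $currentDisallowRunPolicyValue is expanded in the output instead of being printed literally.
:: NOTE(review): HKCU: resolves to the hive of the account this elevated script runs as; if
:: elevation was granted with a different administrator account, the policy is written to that
:: account's profile rather than the interactive user's. Confirm on multi-account machines.
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output "^""Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^""."^""; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"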
:: Soft delete files matching pattern: "%PROGRAMFILES(x86)%\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"  
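:: Renames each matching file to NAME.OLD instead of deleting it, so the change can be undone.
:: The whole PowerShell command must stay on one physical line: cmd.exe ends a command at the
:: line break, so a wrapped copy would run a truncated script.
:: A file that disappears between enumeration and rename is skipped with `continue`, so the
:: remaining matches and the final summary are still processed (`exit 0` used to end the run).
:: `$revert` is never assigned in this command, so the rename-to-.OLD branch is always taken.
:: With the updater renamed, Microsoft Edge no longer installs security updates on its own.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%PROGRAMFILES(x86)%\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }"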
:: Soft delete files matching pattern: "%PROGRAMFILES(x86)%\Microsoft\EdgeUpdate\*\MicrosoftEdgeUpdate.exe"  
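:: Renames each matching file to NAME.OLD instead of deleting it, so the change can be undone.
:: The whole PowerShell command must stay on one physical line: cmd.exe ends a command at the
:: line break, so a wrapped copy would run a truncated script.
:: A file that disappears between enumeration and rename is skipped with `continue`, so the
:: remaining matches and the final summary are still processed (`exit 0` used to end the run).
:: `$revert` is never assigned in this command, so the rename-to-.OLD branch is always taken.
:: With the updater renamed, Microsoft Edge no longer installs security updates on its own.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%PROGRAMFILES(x86)%\Microsoft\EdgeUpdate\*\MicrosoftEdgeUpdate.exe"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }"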
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----Disable Edge automatic updates across all channels----
:: ----------------------------------------------------------
echo --- Disable Edge automatic updates across all channels
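:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate!UpdateDefault"
:: UpdateDefault = 0 turns updates off for every application managed by Microsoft Edge Update that has no per-application override; the Update{GUID} values that follow set the same for individual applications.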
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate' /v 'UpdateDefault' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate!Update{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate' /v 'Update{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate!Update{2CD8A007-E189-409D-A2C8-9AF4EF3C72AA}"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate' /v 'Update{2CD8A007-E189-409D-A2C8-9AF4EF3C72AA}' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate!Update{65C35B14-6C1D-4122-AC46-7148CC9D6497}"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate' /v 'Update{65C35B14-6C1D-4122-AC46-7148CC9D6497}' /t 'REG_DWORD' /d "^""$data"^"" /f"
4162
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate!Update{0D50BFEC-CD6A-4F9A-964C-C7416E3ACB10}"
4163
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate' /v 'Update{0D50BFEC-CD6A-4F9A-964C-C7416E3ACB10}' /t 'REG_DWORD' /d "^""$data"^"" /f"
4164
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate!Update{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}"
4165
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate' /v 'Update{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}' /t 'REG_DWORD' /d "^""$data"^"" /f"
4166
:: ----------------------------------------------------------
4167
 
4168
 
4169
:: ----------------------------------------------------------
:: --------Disable Edge WebView and WebView2 updates---------
:: ----------------------------------------------------------
echo --- Disable Edge WebView and WebView2 updates
:: Write DWORD 0 to the per-application "Update{GUID}" value below in the
:: EdgeUpdate policy key.
:: NOTE(review): software that embeds this runtime then relies on another
:: process to receive the runtime's security fixes.
reg add "HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate" /v "Update{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: -----------Disable Edge automatic update checks-----------
:: ----------------------------------------------------------
echo --- Disable Edge automatic update checks
:: Write DWORD 0 to "AutoUpdateCheckPeriodMinutes" in the EdgeUpdate policy key.
:: NOTE(review): pair this with a manual or managed patching process, since the
:: browser will no longer look for updates on its own schedule.
reg add "HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate" /v "AutoUpdateCheckPeriodMinutes" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: --------Maximize Edge update suppression duration---------
:: ----------------------------------------------------------
echo --- Maximize Edge update suppression duration
:: Three DWORD values in the EdgeUpdate policy key: a duration of 1440 minutes
:: and a start time of hour 0, minute 0.
:: NOTE(review): confirm that 1440 is within the range the policy accepts.
reg add "HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate" /v "UpdatesSuppressedDurationMin" /t REG_DWORD /d 1440 /f
for %%V in ("UpdatesSuppressedStartHour" "UpdatesSuppressedStartMin") do reg add "HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate" /v "%%~V" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: ----------Disable Edge Copilot and Hubs Sidebar-----------
:: ----------------------------------------------------------
echo --- Disable Edge Copilot and Hubs Sidebar
:: Edge policies "HubsSidebarEnabled" and "StandaloneHubsSidebarEnabled":
:: write DWORD 0 to both in the machine-wide Edge policy key.
for %%V in ("HubsSidebarEnabled" "StandaloneHubsSidebarEnabled") do reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "%%~V" /t REG_DWORD /d 0 /f
:: Print a note that Edge must be restarted ($warn is fixed to $false, so the
:: Write-Host / Write-Output branch is the one that runs).
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart Microsoft Edge.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: ------Disable Edge Copilot browsing data collection-------
:: ----------------------------------------------------------
echo --- Disable Edge Copilot browsing data collection
:: Edge policies "DiscoverPageContextEnabled", "CopilotPageContext" and
:: "CopilotCDPPageContext": write DWORD 0 to each in the Edge policy key.
for %%V in (
    "DiscoverPageContextEnabled"
    "CopilotPageContext"
    "CopilotCDPPageContext"
) do reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "%%~V" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: -------Disable Edge Copilot access on new tab page--------
:: ----------------------------------------------------------
echo --- Disable Edge Copilot access on new tab page
:: Edge policy "NewTabPageBingChatEnabled": write DWORD 0 in the Edge policy key.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "NewTabPageBingChatEnabled" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: ----------Disable outdated Edge Discover button-----------
:: ----------------------------------------------------------
echo --- Disable outdated Edge Discover button
:: Edge policy "EdgeDiscoverEnabled": write DWORD 0 in the Edge policy key.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "EdgeDiscoverEnabled" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: ----------Disable Edge spotlight recommendations----------
:: ----------------------------------------------------------
echo --- Disable Edge spotlight recommendations
:: Edge policy "SpotlightExperiencesAndRecommendationsEnabled": write DWORD 0
:: in the Edge policy key.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "SpotlightExperiencesAndRecommendationsEnabled" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: -----------------Disable Edge feature ads-----------------
:: ----------------------------------------------------------
echo --- Disable Edge feature ads
:: Edge policy "ShowRecommendationsEnabled": write DWORD 0 in the Edge policy key.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "ShowRecommendationsEnabled" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


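:: ----------------------------------------------------------
:: ------------------Disable Edge Bing ads-------------------
:: ----------------------------------------------------------
echo --- Disable Edge Bing ads
:: Edge policy "BingAdsSuppression" in the machine-wide Edge policy key.
:: The policy is an enabling switch (suppression is on when the value is 1), so
:: the 0 that this listing carried left ads unsuppressed, contrary to the section
:: title. The value written here is 1.
:: NOTE(review): confirm the policy is honoured by the Edge version and Windows
:: edition in use before relying on it.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "BingAdsSuppression" /t REG_DWORD /d 1 /f
:: Print a note that Edge must be restarted ($warn is fixed to $false, so the
:: Write-Host / Write-Output branch is the one that runs).
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart Microsoft Edge.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------

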
:: ----------------------------------------------------------
:: --------------Disable Edge promotional pages--------------
:: ----------------------------------------------------------
echo --- Disable Edge promotional pages
:: Edge policy "PromotionalTabsEnabled": write DWORD 0 in the Edge policy key.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "PromotionalTabsEnabled" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: -----Disable Edge browsing history collection for ads-----
:: ----------------------------------------------------------
echo --- Disable Edge browsing history collection for ads
:: Edge policy "PersonalizationReportingEnabled": write DWORD 0 in the Edge
:: policy key.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "PersonalizationReportingEnabled" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: -----------------Disable Edge Insider ads-----------------
:: ----------------------------------------------------------
echo --- Disable Edge Insider ads
:: Edge policy "MicrosoftEdgeInsiderPromotionEnabled": write DWORD 0 in the Edge
:: policy key.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "MicrosoftEdgeInsiderPromotionEnabled" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: -------Disable Edge Adobe Acrobat subscription ads--------
:: ----------------------------------------------------------
echo --- Disable Edge Adobe Acrobat subscription ads
:: Edge policy "ShowAcrobatSubscriptionButton": write DWORD 0 in the Edge
:: policy key.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "ShowAcrobatSubscriptionButton" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


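:: Disable Edge top sites and sponsored links on new tab page
echo --- Disable Edge top sites and sponsored links on new tab page
:: Edge policy "NewTabPageHideDefaultTopSites" in the machine-wide Edge policy key.
:: The policy hides the default top-site tiles when it is enabled (1); the 0 that
:: this listing carried kept them visible, contrary to the section title. The
:: value written here is 1.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "NewTabPageHideDefaultTopSites" /t REG_DWORD /d 1 /f
:: ----------------------------------------------------------

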
:: ----------------------------------------------------------
:: -------------Enable Edge tracking prevention--------------
:: ----------------------------------------------------------
echo --- Enable Edge tracking prevention
:: Edge policy "TrackingPrevention": write DWORD 3 in the Edge policy key.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "TrackingPrevention" /t REG_DWORD /d 3 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: --------------Block Edge third party cookies--------------
:: ----------------------------------------------------------
echo --- Block Edge third party cookies
:: Edge policy "BlockThirdPartyCookies": write DWORD 1 in the Edge policy key.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "BlockThirdPartyCookies" /t REG_DWORD /d 1 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: ---------------Enable Do Not Track requests---------------
:: ----------------------------------------------------------
echo --- Enable Do Not Track requests
:: Edge policy "ConfigureDoNotTrack": write DWORD 1 in the Edge policy key.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "ConfigureDoNotTrack" /t REG_DWORD /d 1 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: ----------Disable automatic installation of Edge----------
:: ----------------------------------------------------------
echo --- Disable automatic installation of Edge
:: Write DWORD 1 to "DoNotUpdateToEdgeWithChromium". This key is
:: HKLM\SOFTWARE\Microsoft\EdgeUpdate, not the Policies branch used elsewhere.
reg add "HKLM\SOFTWARE\Microsoft\EdgeUpdate" /v "DoNotUpdateToEdgeWithChromium" /t REG_DWORD /d 1 /f
:: ----------------------------------------------------------


:: Disable automatic installation of Edge across all channels
echo --- Disable automatic installation of Edge across all channels
:: Write DWORD 0 to "InstallDefault" and to every per-application
:: "Install{GUID}" value listed below, all under the EdgeUpdate policy key.
for %%V in (
    "InstallDefault"
    "Install{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}"
    "Install{2CD8A007-E189-409D-A2C8-9AF4EF3C72AA}"
    "Install{65C35B14-6C1D-4122-AC46-7148CC9D6497}"
    "Install{0D50BFEC-CD6A-4F9A-964C-C7416E3ACB10}"
) do reg add "HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate" /v "%%~V" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: --Disable automatic installation of WebView and WebView2--
:: ----------------------------------------------------------
echo --- Disable automatic installation of WebView and WebView2
:: Write DWORD 0 to the per-application "Install{GUID}" value below in the
:: EdgeUpdate policy key.
reg add "HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate" /v "Install{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: ----Disable sharing scanned software data with Google-----
:: ----------------------------------------------------------
echo --- Disable sharing scanned software data with Google
:: Chrome policy "ChromeCleanupReportingEnabled": write DWORD 0 in the
:: machine-wide Chrome policy key.
reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "ChromeCleanupReportingEnabled" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: -----------Disable Chrome system cleanup scans------------
:: ----------------------------------------------------------
echo --- Disable Chrome system cleanup scans
:: Chrome policy "ChromeCleanupEnabled": write DWORD 0 in the machine-wide
:: Chrome policy key.
reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "ChromeCleanupEnabled" /t REG_DWORD /d 0 /f
:: Print a note that Chrome must be restarted ($warn is fixed to $false, so the
:: Write-Host / Write-Output branch is the one that runs).
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart Google Chrome.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: -----Disable Cloud Clipboard (breaks clipboard sync)------
:: ----------------------------------------------------------
echo --- Disable Cloud Clipboard (breaks clipboard sync)
:: Machine-wide policy: write DWORD 0 to "AllowCrossDeviceClipboard".
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "AllowCrossDeviceClipboard" /t REG_DWORD /d 0 /f
:: Per-user setting: write DWORD 0 to "CloudClipboardAutomaticUpload".
:: NOTE(review): the script runs elevated, so HKCU is the hive of the account it
:: was elevated as; if that is not the logged-on user, this write does not reach
:: that user's profile.
reg add "HKCU\Software\Microsoft\Clipboard" /v "CloudClipboardAutomaticUpload" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
:: ----------------Disable clipboard history-----------------
:: ----------------------------------------------------------
echo --- Disable clipboard history
:: Per-user setting: write DWORD 0 to "EnableClipboardHistory".
:: NOTE(review): the script runs elevated, so HKCU is the hive of the account it
:: was elevated as, which may differ from the logged-on user.
reg add "HKCU\Software\Microsoft\Clipboard" /v "EnableClipboardHistory" /t REG_DWORD /d 0 /f
:: Machine-wide policy: write DWORD 0 to "AllowClipboardHistory".
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "AllowClipboardHistory" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------


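:: Disable background clipboard data collection (`cbdhsvc`) (breaks clipboard history and sync)
echo --- Disable background clipboard data collection (`cbdhsvc`) (breaks clipboard history and sync)
:: Both commands below run the same five steps against a service query:
::   1. exit 0 if Get-Service finds nothing for the query;
::   2. if the service is running, try Stop-Service (-Force, -NoWait) and only
::      warn when that fails;
::   3. exit 0 if the service has no key under HKLM:\SYSTEM\CurrentControlSet\Services;
::   4. exit 0 if the key's "Start" value is already 4;
::   5. otherwise set "Start" to 4, exiting 1 if the write fails.
:: Each command is kept on a single line: cmd.exe reads one command per line, and
:: this listing had the text after "5." wrapped onto a second line, which cuts
:: the quoted -Command argument in half.
:: Disable per-user "cbdhsvc" service for all users
:: Disable the service `cbdhsvc`
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceQuery = 'cbdhsvc'; $stopWithDependencies= $false; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""; Exit 0; }; $serviceName = $service.Name; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""; try { Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""; $stopParams = @{ Name = $ServiceName; Force = $true; ErrorAction = 'Stop'; }; if (-not $stopWithDependencies) { $stopParams['NoWait'] = $true; }; Stop-Service @stopParams; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { if ($_.FullyQualifiedErrorId -eq 'CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand') { Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""; } else { Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""; }; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if service info is not found in registry #>; $registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""; if (-Not (Test-Path $registryKey)) { Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""; Exit 0; }; <# -- 4. Skip if already disabled #>; if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) { Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""; Exit 0; }; <# -- 5. Disable service #>; try { Set-ItemProperty -LiteralPath $registryKey -Name "^""Start"^"" -Value 4 -ErrorAction Stop; Write-Host 'Successfully disabled the service. It will not start automatically on next boot.'; } catch { Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""; Exit 1; }"
:: Disable per-user "cbdhsvc" service for individual user accounts
:: Disable the service `cbdhsvc_*`
:: NOTE(review): the query is a wildcard. If it matches more than one service,
:: $service.Name is an array, the interpolated $registryKey contains several
:: names, and step 3 exits without disabling any of them.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceQuery = 'cbdhsvc_*'; $stopWithDependencies= $false; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""; Exit 0; }; $serviceName = $service.Name; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""; try { Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""; $stopParams = @{ Name = $ServiceName; Force = $true; ErrorAction = 'Stop'; }; if (-not $stopWithDependencies) { $stopParams['NoWait'] = $true; }; Stop-Service @stopParams; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { if ($_.FullyQualifiedErrorId -eq 'CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand') { Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""; } else { Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""; }; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if service info is not found in registry #>; $registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""; if (-Not (Test-Path $registryKey)) { Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""; Exit 0; }; <# -- 4. Skip if already disabled #>; if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) { Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""; Exit 0; }; <# -- 5. Disable service #>; try { Set-ItemProperty -LiteralPath $registryKey -Name "^""Start"^"" -Value 4 -ErrorAction Stop; Write-Host 'Successfully disabled the service. It will not start automatically on next boot.'; } catch { Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""; Exit 1; }"
:: ----------------------------------------------------------

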
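:: Mitigate Spectre Variant 2 and Meltdown in host operating system
echo --- Mitigate Spectre Variant 2 and Meltdown in host operating system
:: Set "FeatureSettingsOverrideMask" to 3.
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverrideMask" /t REG_DWORD /d 3 /f
:: Set "FeatureSettingsOverride".
:: This listing wrote the value twice in a row (0, then 64), so the first write
:: was dead and every machine ended up with 64. Microsoft's guidance for these
:: mitigations gives 0 as the general value and 64 for AMD and ARM processors,
:: so exactly one value is written here, chosen by CPU vendor.
:: NOTE(review): vendor detection through PROCESSOR_IDENTIFIER is an assumption
:: of this fix; confirm the resulting value on the target hardware.
PowerShell -ExecutionPolicy Unrestricted -Command "$data = if ($env:PROCESSOR_IDENTIFIER -match 'AuthenticAMD|ARM') { '64' } else { '0' }; Write-Host "^""Using FeatureSettingsOverride = $data"^""; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' /v 'FeatureSettingsOverride' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------

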
:: ----------------------------------------------------------
:: ----Mitigate Spectre Variant 2 and Meltdown in Hyper-V----
:: ----------------------------------------------------------
echo --- Mitigate Spectre Variant 2 and Meltdown in Hyper-V
:: Write the string (REG_SZ) "1.0" to "MinVmVersionForCpuBasedMitigations" in
:: the Virtualization key.
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v "MinVmVersionForCpuBasedMitigations" /t REG_SZ /d "1.0" /f
:: ----------------------------------------------------------


:: ----------------------------------------------------------
4470
:: -------Enable strong Diffie-Hellman key requirement-------
4471
:: ----------------------------------------------------------
4472
echo --- Enable strong Diffie-Hellman key requirement
4473
:: Require "Diffie-Hellman" key exchange algorithm to have at "2048" least bits keys for TLS/SSL connections
4474
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman!ServerMinKeyBitLength"
4475
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman'; $data =  '2048'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman' /v 'ServerMinKeyBitLength' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman!ClientMinKeyBitLength"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman'; $data =  '2048'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman' /v 'ClientMinKeyBitLength' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --Enable strong RSA key requirement (breaks Hyper-V VMs)--
:: ----------------------------------------------------------
echo --- Enable strong RSA key requirement (breaks Hyper-V VMs)
:: Require the "PKCS" key exchange algorithm to use keys of at least "2048" bits for TLS/SSL connections
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS!ServerMinKeyBitLength"
:: Writes ServerMinKeyBitLength = 2048 (REG_DWORD) under the Schannel PKCS (RSA key exchange) key.
:: NOTE(review): Microsoft's Schannel registry documentation describes ClientMinKeyBitLength for PKCS; confirm that ServerMinKeyBitLength is actually read under this key.
:: The section title already warns that this requirement breaks Hyper-V VMs; verify on a test host before applying to virtualization servers.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS'; $data =  '2048'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS' /v 'ServerMinKeyBitLength' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS!ClientMinKeyBitLength"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS'; $data =  '2048'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS' /v 'ClientMinKeyBitLength' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Disable insecure renegotiation--------------
:: ----------------------------------------------------------
echo --- Disable insecure renegotiation
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL!AllowInsecureRenegoClients"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' /v 'AllowInsecureRenegoClients' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL!AllowInsecureRenegoServers"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' /v 'AllowInsecureRenegoServers' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL!DisableRenegoOnServer"
:: Writes DisableRenegoOnServer = 1 (REG_DWORD) under the SCHANNEL key.
:: NOTE(review): unlike the AllowInsecureRenego* values above, this is understood to turn off server-side TLS renegotiation altogether, which can affect services that request a client certificate mid-connection - confirm before deploying on servers.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'; $data =  '1'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' /v 'DisableRenegoOnServer' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL!DisableRenegoOnClient"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'; $data =  '1'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' /v 'DisableRenegoOnClient' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL!UseScsvForTls"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'; $data =  '1'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' /v 'UseScsvForTls' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------Disable insecure connections from .NET apps--------
:: ----------------------------------------------------------
echo --- Disable insecure connections from .NET apps
:: Configure "SchUseStrongCrypto" for .NET applications
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727!SchUseStrongCrypto"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727' /v 'SchUseStrongCrypto' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727!SchUseStrongCrypto"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727'; $data =  '1'; reg add 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727' /v 'SchUseStrongCrypto' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319!SchUseStrongCrypto"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' /v 'SchUseStrongCrypto' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319!SchUseStrongCrypto"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'; $data =  '1'; reg add 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' /v 'SchUseStrongCrypto' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting computer for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart your computer.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------------Enable secure "DTLS 1.2" protocol-------------
:: ----------------------------------------------------------
echo --- Enable secure "DTLS 1.2" protocol
:: Enable "DTLS 1.2" protocol as default for TLS/SSL connections
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.2\Server!Enabled"
:: This operation will not run on Windows versions earlier than Windows10-1607.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1607'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.2\Server'; $data =  '1'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.2\Server' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.2\Server!DisabledByDefault"
:: This operation will not run on Windows versions earlier than Windows10-1607.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1607'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.2\Server'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.2\Server' /v 'DisabledByDefault' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.2\Client!Enabled"
:: This operation will not run on Windows versions earlier than Windows10-1607.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1607'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.2\Client'; $data =  '1'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.2\Client' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.2\Client!DisabledByDefault"
:: This operation will not run on Windows versions earlier than Windows10-1607.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1607'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.2\Client'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.2\Client' /v 'DisabledByDefault' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Enable secure "TLS 1.3" protocol-------------
:: ----------------------------------------------------------
echo --- Enable secure "TLS 1.3" protocol
:: Enable "TLS 1.3" protocol as default for TLS/SSL connections
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server!Enabled"
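:: This operation will not run on Windows versions earlier than Windows11-FirstRelease (the command below compares the OS build with 10.0.22000 and prints "Skipping" when it is lower).
:: NOTE(review): Windows Server 2022 reports build 20348, so it is skipped as well even though it supports TLS 1.3 - confirm this is intended. The same check is used by the other three TLS 1.3 commands in this section.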
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server'; $data =  '1'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server!DisabledByDefault"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' /v 'DisabledByDefault' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client!Enabled"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client'; $data =  '1'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client!DisabledByDefault"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' /v 'DisabledByDefault' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Enable secure connections for legacy .NET apps------
:: ----------------------------------------------------------
echo --- Enable secure connections for legacy .NET apps
:: Configure "SystemDefaultTlsVersions" for .NET applications
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727!SystemDefaultTlsVersions"
:: Writes SystemDefaultTlsVersions = 1 (REG_DWORD) for the 64-bit registry view of .NET Framework v2.0.50727.
:: NOTE(review): this value is understood to make .NET Framework apps defer protocol selection to the operating system, so the protocols actually offered depend on the SCHANNEL\Protocols settings on the machine - audit those alongside this change.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727' /v 'SystemDefaultTlsVersions' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727!SystemDefaultTlsVersions"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727'; $data =  '1'; reg add 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727' /v 'SystemDefaultTlsVersions' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319!SystemDefaultTlsVersions"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' /v 'SystemDefaultTlsVersions' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319!SystemDefaultTlsVersions"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'; $data =  '1'; reg add 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' /v 'SystemDefaultTlsVersions' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable basic authentication in WinRM-----------
:: ----------------------------------------------------------
echo --- Disable basic authentication in WinRM
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client!AllowBasic"
:: Writes the WinRM *client* policy AllowBasic = 0 (REG_DWORD), so this machine's WinRM client is told not to use Basic authentication.
:: This section contains no write to the service-side policy key (...\WinRM\Service), which governs what this machine accepts as a WinRM server.
:: NOTE(review): confirm whether the service-side AllowBasic policy is set elsewhere or also needs hardening.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client' /v 'AllowBasic' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable unauthorized user account discovery (anonymous SAM enumeration)
echo --- Disable unauthorized user account discovery (anonymous SAM enumeration)
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\Lsa!restrictanonymoussam"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa'; $data =  '1'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa' /v 'restrictanonymoussam' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----Disable anonymous access to named pipes and shares----
:: ----------------------------------------------------------
echo --- Disable anonymous access to named pipes and shares
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters!restrictnullsessaccess"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'; $data =  '1'; reg add 'HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters' /v 'restrictnullsessaccess' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable hidden remote file access via administrative shares (breaks remote system management software)
echo --- Disable hidden remote file access via administrative shares (breaks remote system management software)
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters!AutoShareWks"
:: Writes AutoShareWks = 0 (REG_DWORD) under the LanmanServer parameters key.
:: NOTE(review): AutoShareWks is understood to be the workstation-edition value; server editions use AutoShareServer, which this script section does not set - confirm the target SKU.
:: NOTE(review): existing administrative shares presumably remain until the Server service or the machine is restarted - verify with `net share` afterwards.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' /v 'AutoShareWks' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------Disable anonymous enumeration of shares----------
:: ----------------------------------------------------------
echo --- Disable anonymous enumeration of shares
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\LSA!restrictanonymous"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\LSA'; $data =  '1'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\LSA' /v 'restrictanonymous' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Disable "Telnet Client" feature--------------
:: ----------------------------------------------------------
echo --- Disable "Telnet Client" feature
:: Disable the "TelnetClient" feature
:: Looks up the optional feature "TelnetClient" on the running OS and disables it when it is present and not already disabled.
:: Exit codes of the PowerShell command: 0 when the lookup returns nothing, when the feature is already Disabled, or after a successful disable; 1 when Disable-WindowsOptionalFeature throws.
:: The Get-WindowsOptionalFeature call uses -ErrorAction Stop but sits outside the try block, so a lookup failure ends the command with an unhandled error instead of a "Skipping" message.
:: -NoRestart suppresses the reboot prompt; NOTE(review): the change may stay pending until the next restart - confirm.
:: No errorlevel check follows this line in the batch script, so a failure here does not stop later sections.
PowerShell -ExecutionPolicy Unrestricted -Command "$featureName = 'TelnetClient'; $feature = Get-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -ErrorAction Stop; if (-Not $feature) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is not found. No action required."^""; Exit 0; }; if ($feature.State -eq [Microsoft.Dism.Commands.FeatureState]::Disabled) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is already disabled. No action required."^""; Exit 0; }; try { Write-Host "^""Disabling feature: `"^""$featureName`"^""."^""; Disable-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -NoRestart -LogLevel ([Microsoft.Dism.Commands.LogLevel]::Errors) -WarningAction SilentlyContinue -ErrorAction Stop | Out-Null; } catch { Write-Error "^""Failed to disable the feature `"^""$featureName`"^"": $($_.Exception.Message)"^""; Exit 1; }; Write-Output "^""Successfully disabled the feature `"^""$featureName`"^""."^""; Exit 0"
:: ----------------------------------------------------------
 
 
:: Remove "RAS Connection Manager Administration Kit (CMAK)" capability
echo --- Remove "RAS Connection Manager Administration Kit (CMAK)" capability
:: Pipes every installed-image capability whose name matches 'RasCMAK.Client*' into Remove-WindowsCapability.
:: Unlike the feature-disabling commands in this script, this one has no "already absent" message, no try/catch and no explicit exit code.
:: NOTE(review): the wildcard also matches capabilities that are already not present; confirm the resulting state with Get-WindowsCapability after the run.
PowerShell -ExecutionPolicy Unrestricted -Command "Get-WindowsCapability -Online -Name 'RasCMAK.Client*' | Remove-WindowsCapability -Online"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Disable Windows Remote Assistance feature---------
:: ----------------------------------------------------------
echo --- Disable Windows Remote Assistance feature
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance!fAllowToGetHelp"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance' /v 'fAllowToGetHelp' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance!fAllowFullControl"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance' /v 'fAllowFullControl' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowBasic"
:: Writes AllowBasic = 0 (REG_DWORD) under the Terminal Services policy key as the third step of the Remote Assistance section.
:: NOTE(review): AllowBasic is the value name this script uses for WinRM basic authentication; the Remote Assistance policies normally stored under this key are values such as fAllowToGetHelp and fAllowUnsolicited - confirm that this value is read by Remote Assistance at all.
:: The two preceding commands set fAllowToGetHelp and fAllowFullControl under SYSTEM\CurrentControlSet\Control\Remote Assistance, not under this policy key.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' /v 'AllowBasic' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable "Net.TCP Port Sharing" feature----------
:: ----------------------------------------------------------
echo --- Disable "Net.TCP Port Sharing" feature
:: Disable the "WCF-TCP-PortSharing45" feature
PowerShell -ExecutionPolicy Unrestricted -Command "$featureName = 'WCF-TCP-PortSharing45'; $feature = Get-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -ErrorAction Stop; if (-Not $feature) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is not found. No action required."^""; Exit 0; }; if ($feature.State -eq [Microsoft.Dism.Commands.FeatureState]::Disabled) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is already disabled. No action required."^""; Exit 0; }; try { Write-Host "^""Disabling feature: `"^""$featureName`"^""."^""; Disable-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -NoRestart -LogLevel ([Microsoft.Dism.Commands.LogLevel]::Errors) -WarningAction SilentlyContinue -ErrorAction Stop | Out-Null; } catch { Write-Error "^""Failed to disable the feature `"^""$featureName`"^"": $($_.Exception.Message)"^""; Exit 1; }; Write-Output "^""Successfully disabled the feature `"^""$featureName`"^""."^""; Exit 0"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------------Disable "SMB Direct" feature---------------
:: ----------------------------------------------------------
echo --- Disable "SMB Direct" feature
:: Disable the "SmbDirect" feature
PowerShell -ExecutionPolicy Unrestricted -Command "$featureName = 'SmbDirect'; $feature = Get-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -ErrorAction Stop; if (-Not $feature) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is not found. No action required."^""; Exit 0; }; if ($feature.State -eq [Microsoft.Dism.Commands.FeatureState]::Disabled) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is already disabled. No action required."^""; Exit 0; }; try { Write-Host "^""Disabling feature: `"^""$featureName`"^""."^""; Disable-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -NoRestart -LogLevel ([Microsoft.Dism.Commands.LogLevel]::Errors) -WarningAction SilentlyContinue -ErrorAction Stop | Out-Null; } catch { Write-Error "^""Failed to disable the feature `"^""$featureName`"^"": $($_.Exception.Message)"^""; Exit 1; }; Write-Output "^""Successfully disabled the feature `"^""$featureName`"^""."^""; Exit 0"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Disable "TFTP Client" feature---------------
:: ----------------------------------------------------------
echo --- Disable "TFTP Client" feature
:: Disable the "TFTP" feature
PowerShell -ExecutionPolicy Unrestricted -Command "$featureName = 'TFTP'; $feature = Get-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -ErrorAction Stop; if (-Not $feature) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is not found. No action required."^""; Exit 0; }; if ($feature.State -eq [Microsoft.Dism.Commands.FeatureState]::Disabled) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is already disabled. No action required."^""; Exit 0; }; try { Write-Host "^""Disabling feature: `"^""$featureName`"^""."^""; Disable-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -NoRestart -LogLevel ([Microsoft.Dism.Commands.LogLevel]::Errors) -WarningAction SilentlyContinue -ErrorAction Stop | Out-Null; } catch { Write-Error "^""Failed to disable the feature `"^""$featureName`"^"": $($_.Exception.Message)"^""; Exit 1; }; Write-Output "^""Successfully disabled the feature `"^""$featureName`"^""."^""; Exit 0"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Remove "RIP Listener" capability-------------
:: ----------------------------------------------------------
echo --- Remove "RIP Listener" capability
PowerShell -ExecutionPolicy Unrestricted -Command "Get-WindowsCapability -Online -Name 'RIP.Listener*' | Remove-WindowsCapability -Online"
:: ----------------------------------------------------------
 
 
:: Remove "Simple Network Management Protocol (SNMP)" capability
echo --- Remove "Simple Network Management Protocol (SNMP)" capability
PowerShell -ExecutionPolicy Unrestricted -Command "Get-WindowsCapability -Online -Name 'SNMP.Client*' | Remove-WindowsCapability -Online"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Remove "SNMP WMI Provider" capability-----------
4696
:: ----------------------------------------------------------
4697
echo --- Remove "SNMP WMI Provider" capability
4698
PowerShell -ExecutionPolicy Unrestricted -Command "Get-WindowsCapability -Online -Name 'WMI-SNMP-Provider.Client*' | Remove-WindowsCapability -Online"
4699
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Disable insecure "RC2" ciphers--------------
:: ----------------------------------------------------------
:: Turns off every RC2 key length for Schannel (TLS/SSL) by writing
:: Enabled=0 (REG_DWORD) under the SCHANNEL "Ciphers" key.
:: reg.exe is invoked directly; /f overwrites an existing value without prompting.
echo --- Disable insecure "RC2" ciphers
:: RC2 40/128
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128" /v "Enabled" /t REG_DWORD /d 0 /f
:: RC2 56/128
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128" /v "Enabled" /t REG_DWORD /d 0 /f
:: RC2 128/128
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128" /v "Enabled" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Disable insecure "RC4" ciphers--------------
:: ----------------------------------------------------------
:: Turns off every RC4 key length for Schannel (TLS/SSL) by writing
:: Enabled=0 (REG_DWORD) under the SCHANNEL "Ciphers" key.
:: reg.exe is invoked directly; /f overwrites an existing value without prompting.
echo --- Disable insecure "RC4" ciphers
:: RC4 128/128
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128" /v "Enabled" /t REG_DWORD /d 0 /f
:: RC4 64/128
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128" /v "Enabled" /t REG_DWORD /d 0 /f
:: RC4 56/128
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128" /v "Enabled" /t REG_DWORD /d 0 /f
:: RC4 40/128
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128" /v "Enabled" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Disable insecure "DES" cipher---------------
:: ----------------------------------------------------------
:: Turns off single DES (56-bit key) for Schannel (TLS/SSL) by writing
:: Enabled=0 (REG_DWORD) under the SCHANNEL "Ciphers" key.
:: reg.exe is invoked directly; /f overwrites an existing value without prompting.
echo --- Disable insecure "DES" cipher
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56" /v "Enabled" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------Disable insecure "Triple DES" cipher-----------
:: ----------------------------------------------------------
:: Turns off Triple DES for Schannel (TLS/SSL) by writing Enabled=0
:: (REG_DWORD) under the SCHANNEL "Ciphers" key. Both spellings of the
:: subkey name ("Triple DES 168" and "Triple DES 168/168") are written.
:: reg.exe is invoked directly; /f overwrites an existing value without prompting.
echo --- Disable insecure "Triple DES" cipher
:: Triple DES 168
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168" /v "Enabled" /t REG_DWORD /d 0 /f
:: Triple DES 168/168
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168" /v "Enabled" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Disable insecure "NULL" cipher--------------
:: ----------------------------------------------------------
:: Turns off the NULL cipher (no encryption of the record payload) for
:: Schannel (TLS/SSL) by writing Enabled=0 (REG_DWORD) under the SCHANNEL
:: "Ciphers" key.
:: reg.exe is invoked directly; /f overwrites an existing value without prompting.
echo --- Disable insecure "NULL" cipher
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL" /v "Enabled" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------------Disable insecure "MD5" hash----------------
:: ----------------------------------------------------------
:: Turns off the MD5 hash algorithm for Schannel (TLS/SSL) by writing
:: Enabled=0 (REG_DWORD) under the SCHANNEL "Hashes" key.
:: reg.exe is invoked directly; /f overwrites an existing value without prompting.
echo --- Disable insecure "MD5" hash
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5" /v "Enabled" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Disable insecure "SHA-1" hash---------------
:: ----------------------------------------------------------
:: Turns off the hash registered as "SHA" (SHA-1) for Schannel (TLS/SSL) by
:: writing Enabled=0 (REG_DWORD) under the SCHANNEL "Hashes" key.
:: NOTE(review): this presumably also rules out cipher suites whose MAC is
:: SHA-1, so peers limited to those suites would fail to connect - confirm
:: that required endpoints negotiate a SHA-256/SHA-384 suite before rollout.
:: reg.exe is invoked directly; /f overwrites an existing value without prompting.
echo --- Disable insecure "SHA-1" hash
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA" /v "Enabled" /t REG_DWORD /d 0 /f
:: ----------------------------------------------------------
 
 
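:: ----------------------------------------------------------
:: ------------Disable insecure "SMBv1" protocol-------------
:: ----------------------------------------------------------
:: Removes SMBv1 in four layers: the optional Windows features, the SMBv1
:: client driver service, the Workstation service dependency list, and the
:: SMB server registry switch. A restart is suggested at the end.
echo --- Disable insecure "SMBv1" protocol
:: Disable the "SMB1Protocol" feature
:: Each feature command exits 0 when the feature is already disabled and
:: exits 1 only when Disable-WindowsOptionalFeature throws. A failed lookup
:: is not caught, because Get-WindowsOptionalFeature runs outside the try block.
PowerShell -ExecutionPolicy Unrestricted -Command "$featureName = 'SMB1Protocol'; $feature = Get-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -ErrorAction Stop; if (-Not $feature) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is not found. No action required."^""; Exit 0; }; if ($feature.State -eq [Microsoft.Dism.Commands.FeatureState]::Disabled) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is already disabled. No action required."^""; Exit 0; }; try { Write-Host "^""Disabling feature: `"^""$featureName`"^""."^""; Disable-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -NoRestart -LogLevel ([Microsoft.Dism.Commands.LogLevel]::Errors) -WarningAction SilentlyContinue -ErrorAction Stop | Out-Null; } catch { Write-Error "^""Failed to disable the feature `"^""$featureName`"^"": $($_.Exception.Message)"^""; Exit 1; }; Write-Output "^""Successfully disabled the feature `"^""$featureName`"^""."^""; Exit 0"
:: Disable the "SMB1Protocol-Client" feature
PowerShell -ExecutionPolicy Unrestricted -Command "$featureName = 'SMB1Protocol-Client'; $feature = Get-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -ErrorAction Stop; if (-Not $feature) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is not found. No action required."^""; Exit 0; }; if ($feature.State -eq [Microsoft.Dism.Commands.FeatureState]::Disabled) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is already disabled. No action required."^""; Exit 0; }; try { Write-Host "^""Disabling feature: `"^""$featureName`"^""."^""; Disable-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -NoRestart -LogLevel ([Microsoft.Dism.Commands.LogLevel]::Errors) -WarningAction SilentlyContinue -ErrorAction Stop | Out-Null; } catch { Write-Error "^""Failed to disable the feature `"^""$featureName`"^"": $($_.Exception.Message)"^""; Exit 1; }; Write-Output "^""Successfully disabled the feature `"^""$featureName`"^""."^""; Exit 0"
:: Disable the "SMB1Protocol-Server" feature
PowerShell -ExecutionPolicy Unrestricted -Command "$featureName = 'SMB1Protocol-Server'; $feature = Get-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -ErrorAction Stop; if (-Not $feature) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is not found. No action required."^""; Exit 0; }; if ($feature.State -eq [Microsoft.Dism.Commands.FeatureState]::Disabled) { Write-Output "^""Skipping: The feature `"^""$featureName`"^"" is already disabled. No action required."^""; Exit 0; }; try { Write-Host "^""Disabling feature: `"^""$featureName`"^""."^""; Disable-WindowsOptionalFeature -FeatureName "^""$featureName"^"" -Online -NoRestart -LogLevel ([Microsoft.Dism.Commands.LogLevel]::Errors) -WarningAction SilentlyContinue -ErrorAction Stop | Out-Null; } catch { Write-Error "^""Failed to disable the feature `"^""$featureName`"^"": $($_.Exception.Message)"^""; Exit 1; }; Write-Output "^""Successfully disabled the feature `"^""$featureName`"^""."^""; Exit 0"
:: Disable service(s): `mrxsmb10`
:: Stops the service when it is running (a failed stop is only a warning),
:: then sets its startup type to Disabled unless it already is. The startup
:: type is read from the service object first and from WMI as a fallback.
:: The "not found" message below previously read "could not be not found".
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'mrxsmb10'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: Rewrite the Workstation service dependency list without mrxsmb10, so the
:: service does not depend on the driver that was just disabled.
:: This runs unconditionally and replaces the whole list.
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters!SMBv1"
:: SMBv1=0 under the LanmanServer parameters; /f overwrites without prompting.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' /v 'SMBv1' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting computer for changes to take effect
:: $warn is false, so the message is printed as a blue "Note: " prefix plus text.
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart your computer.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------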
 
 
:: ----------------------------------------------------------
:: -----------Disable insecure "NetBios" protocol------------
:: ----------------------------------------------------------
:: Sets NetbiosOptions=2 on every subkey of the NetBT "Interfaces" key, one
:: subkey per network interface. The value 2 disables NetBIOS over TCP/IP.
:: -Verbose makes each registry write visible in the script output.
:: Only interfaces that exist when the script runs are changed.
echo --- Disable insecure "NetBios" protocol
PowerShell -ExecutionPolicy Unrestricted -Command "$interfacesKey = 'HKLM:SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces'; Get-ChildItem -Path $interfacesKey | ForEach-Object { Set-ItemProperty -Path ($interfacesKey + '\' + $_.PSChildName) -Name 'NetbiosOptions' -Value 2 -Verbose }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------Disable insecure "SSL 2.0" protocol------------
:: ----------------------------------------------------------
:: Turns SSL 2.0 off for Schannel in both roles. For the Server and the
:: Client subkey alike: Enabled=0 switches the protocol off, and
:: DisabledByDefault=1 keeps it out of the default protocol set.
:: reg.exe is invoked directly; /f overwrites an existing value without prompting.
echo --- Disable insecure "SSL 2.0" protocol
:: Server role
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" /v "DisabledByDefault" /t REG_DWORD /d 1 /f
:: Client role
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client" /v "DisabledByDefault" /t REG_DWORD /d 1 /f
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------Disable insecure "SSL 3.0" protocol------------
:: ----------------------------------------------------------
:: Turns SSL 3.0 off for Schannel in both roles. For the Server and the
:: Client subkey alike: Enabled=0 switches the protocol off, and
:: DisabledByDefault=1 keeps it out of the default protocol set.
:: reg.exe is invoked directly; /f overwrites an existing value without prompting.
echo --- Disable insecure "SSL 3.0" protocol
:: Server role
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server" /v "DisabledByDefault" /t REG_DWORD /d 1 /f
:: Client role
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client" /v "DisabledByDefault" /t REG_DWORD /d 1 /f
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------Disable insecure "TLS 1.0" protocol------------
:: ----------------------------------------------------------
:: Turns TLS 1.0 off for Schannel in both roles. For the Server and the
:: Client subkey alike: Enabled=0 switches the protocol off, and
:: DisabledByDefault=1 keeps it out of the default protocol set.
:: NOTE(review): software that can only speak TLS 1.0 through Schannel will
:: stop connecting - confirm a newer TLS version is available to it first.
:: reg.exe is invoked directly; /f overwrites an existing value without prompting.
echo --- Disable insecure "TLS 1.0" protocol
:: Server role
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" /v "DisabledByDefault" /t REG_DWORD /d 1 /f
:: Client role
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" /v "DisabledByDefault" /t REG_DWORD /d 1 /f
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------Disable insecure "TLS 1.1" protocol------------
:: ----------------------------------------------------------
:: Turns TLS 1.1 off for Schannel in both roles. For the Server and the
:: Client subkey alike: Enabled=0 switches the protocol off, and
:: DisabledByDefault=1 keeps it out of the default protocol set.
:: NOTE(review): software that can only speak TLS 1.1 or older through
:: Schannel will stop connecting - confirm a newer TLS version is available.
:: reg.exe is invoked directly; /f overwrites an existing value without prompting.
echo --- Disable insecure "TLS 1.1" protocol
:: Server role
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v "DisabledByDefault" /t REG_DWORD /d 1 /f
:: Client role
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /v "DisabledByDefault" /t REG_DWORD /d 1 /f
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------Disable insecure "DTLS 1.0" protocol-----------
:: ----------------------------------------------------------
:: Turns DTLS 1.0 off for Schannel in both roles. For the Server and the
:: Client subkey alike: Enabled=0 switches the protocol off, and
:: DisabledByDefault=1 keeps it out of the default protocol set.
:: reg.exe is invoked directly; /f overwrites an existing value without prompting.
echo --- Disable insecure "DTLS 1.0" protocol
:: Server role
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.0\Server" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.0\Server" /v "DisabledByDefault" /t REG_DWORD /d 1 /f
:: Client role
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.0\Client" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\DTLS 1.0\Client" /v "DisabledByDefault" /t REG_DWORD /d 1 /f
:: ----------------------------------------------------------
 
 
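:: ----------------------------------------------------------
:: ----------Disable insecure "LM & NTLM" protocols----------
:: ----------------------------------------------------------
:: Sets LmCompatibilityLevel=5 under the Lsa key. At level 5 this machine
:: sends only NTLMv2 responses and refuses LM and NTLM (v1) authentication.
:: NTLMv2 itself stays available; only the two older variants are refused.
:: NOTE(review): devices or services limited to LM/NTLMv1 will fail to
:: authenticate afterwards - confirm none are still needed.
:: The ampersand needs no caret inside the double quotes of the echo text;
:: with a caret, cmd prints the caret as well.
echo --- Disable insecure "LM & NTLM" protocols
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\Lsa!LmCompatibilityLevel"
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "LmCompatibilityLevel" /t REG_DWORD /d 5 /f
:: ----------------------------------------------------------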
 
 
:: ----------------------------------------------------------
4908
:: --------------Block Dropbox telemetry hosts---------------
4909
:: ----------------------------------------------------------
4910
echo --- Block Dropbox telemetry hosts
4911
:: Add hosts entries for telemetry.dropbox.com
4912
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='telemetry.dropbox.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
4913
:: Add hosts entries for telemetry.v.dropbox.com
4914
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='telemetry.v.dropbox.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Block Spotify Live Tile hosts---------------
:: ----------------------------------------------------------
echo --- Block Spotify Live Tile hosts
:: Add hosts entries for spclient.wg.spotify.com
:: Appends two entries for spclient.wg.spotify.com to the hosts file (0.0.0.0 for IPv4, ::1 for IPv6),
:: each tagged "# managed by privacy.sexy"; the file is created if missing and existing entries are kept.
:: NOTE(review): read and append failures are only reported with Write-Error and the loop moves on,
:: so check the output to confirm both entries were written.
PowerShell -ExecutionPolicy Unrestricted -Command "$domain ='spclient.wg.spotify.com'; $hostsFilePath = "^""$env:SYSTEMROOT\System32\drivers\etc\hosts"^""; $comment = "^""managed by privacy.sexy"^""; $hostsFileEncoding = [Microsoft.PowerShell.Commands.FileSystemCmdletProviderEncoding]::Utf8; $blockingHostsEntries = @(; @{ AddressType = "^""IPv4"^"";  IPAddress = '0.0.0.0'; }; @{ AddressType = "^""IPv6"^"";  IPAddress = '::1'; }; ); try { $isHostsFilePresent = Test-Path -Path $hostsFilePath -PathType Leaf -ErrorAction Stop; } catch { Write-Error "^""Failed to check hosts file existence. Error: $_"^""; exit 1; }; if (-Not $isHostsFilePresent) { Write-Output "^""Creating a new hosts file at $hostsFilePath."^""; try { New-Item -Path $hostsFilePath -ItemType File -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created the hosts file."^""; } catch { Write-Error "^""Failed to create the hosts file. Error: $_"^""; exit 1; }; }; foreach ($blockingEntry in $blockingHostsEntries) { Write-Output "^""Processing addition for $($blockingEntry.AddressType) entry."^""; try { $hostsFileContents = Get-Content -Path "^""$hostsFilePath"^"" -Raw -Encoding $hostsFileEncoding -ErrorAction Stop; } catch { Write-Error "^""Failed to read the hosts file. Error: $_"^""; continue; }; $hostsEntryLine = "^""$($blockingEntry.IPAddress)`t$domain $([char]35) $comment"^""; if ((-Not [String]::IsNullOrWhiteSpace($hostsFileContents)) -And ($hostsFileContents.Contains($hostsEntryLine))) { Write-Output 'Skipping, entry already exists.'; continue; }; try { Add-Content -Path $hostsFilePath -Value $hostsEntryLine -Encoding $hostsFileEncoding -ErrorAction Stop; Write-Output 'Successfully added the entry.'; } catch { Write-Error "^""Failed to add the entry. Error: $_"^""; continue; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable Automatic Updates (AU) feature----------
:: ----------------------------------------------------------
echo --- Disable Automatic Updates (AU) feature
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoUpdate"
:: Runs reg.exe to write REG_DWORD NoAutoUpdate=1 under the WindowsUpdate\AU policy key; /f overwrites
:: an existing value without prompting. $registryPath is assigned but the command does not use it.
:: NOTE(review): with automatic updating switched off by policy, security patches are installed only
:: when someone does it manually. Keep a patch routine in place and record the previous value so the
:: change can be reverted.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' /v 'NoAutoUpdate' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable automatic installation of Windows updates without user consent
echo --- Disable automatic installation of Windows updates without user consent
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU!AUOptions"
:: Runs reg.exe to write REG_DWORD AUOptions=2 under the WindowsUpdate\AU policy key (/f, no prompt).
:: $registryPath is assigned but the command does not use it.
:: NOTE(review): 2 is presumably the "notify before download" option; confirm against the Windows
:: Update policy documentation, and check how it interacts with NoAutoUpdate=1 written to the same key
:: earlier in this script.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' /v 'AUOptions' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -Disable automatic daily installation of Windows updates--
:: ----------------------------------------------------------
echo --- Disable automatic daily installation of Windows updates
:: Delete the registry value "ScheduledInstallDay" from the key "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" 
:: Removes the ScheduledInstallDay value from the WindowsUpdate\AU policy key through the PowerShell
:: registry provider (the 'HKLM\...' string is rewritten to the 'HKLM:\...' provider path first).
:: Exits 0 without changes when the key or the value does not exist.
:: NOTE(review): a failed removal is reported with Write-Error only; no explicit non-zero exit follows,
:: so check the output rather than the exit code.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyName = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'; $valueName = 'ScheduledInstallDay'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------Disable scheduled automatic updates------------
:: ----------------------------------------------------------
echo --- Disable scheduled automatic updates
:: Delete the registry value "ScheduledInstallTime" from the key "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" 
:: Removes the ScheduledInstallTime value from the WindowsUpdate\AU policy key through the PowerShell
:: registry provider (the 'HKLM\...' string is rewritten to the 'HKLM:\...' provider path first).
:: Exits 0 without changes when the key or the value does not exist.
:: NOTE(review): a failed removal is reported with Write-Error only; no explicit non-zero exit follows,
:: so check the output rather than the exit code.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyName = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'; $valueName = 'ScheduledInstallTime'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --Disable saving of zone information in downloaded files--
:: ----------------------------------------------------------
echo --- Disable saving of zone information in downloaded files
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments!SaveZoneInformation"
:: Runs reg.exe to write REG_DWORD SaveZoneInformation=1 under Policies\Attachments (/f, no prompt).
:: $registryPath is assigned but the command does not use it.
:: NOTE(review): per the section title this stops Windows from tagging downloaded files with their
:: zone of origin (the Zone.Identifier stream, "Mark of the Web"). Protections that key off that tag,
:: such as SmartScreen prompts and Office Protected View, then treat internet downloads like local
:: files. Weigh that loss against the privacy gain, and leave the value unset on machines that open
:: untrusted documents.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments' /v 'SaveZoneInformation' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable notifications to antivirus programs for downloaded files
echo --- Disable notifications to antivirus programs for downloaded files
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments!ScanWithAntiVirus"
:: Runs reg.exe to write REG_DWORD ScanWithAntiVirus=1 under Policies\Attachments (/f, no prompt).
:: $registryPath is assigned but the command does not use it.
:: NOTE(review): per the section title this turns off the notification that asks registered antivirus
:: programs to scan downloaded files when they are opened (1 is presumably "off" - confirm against the
:: Attachment Manager policy documentation). That removes one scanning trigger for downloads;
:: real-time protection, where it is still enabled, is a separate control.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments' /v 'ScanWithAntiVirus' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable "Malicious Software Reporting Tool" diagnostic data
echo --- Disable "Malicious Software Reporting Tool" diagnostic data
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\MRT!DontReportInfectionInformation"
:: Runs reg.exe to write REG_DWORD DontReportInfectionInformation=1 under Policies\Microsoft\MRT
:: (/f, no prompt). $registryPath is assigned but the command does not use it.
:: NOTE(review): going by the value name this stops the tool from sending infection reports; nothing
:: in this command disables the tool's scan itself - confirm the behaviour on the target build.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\MRT'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\MRT' /v 'DontReportInfectionInformation' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----Disable Defender Antivirus Watson event reporting-----
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus Watson event reporting
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting!DisableGenericRePorts"
:: Runs reg.exe to write REG_DWORD DisableGenericRePorts=1 under the Windows Defender\Reporting policy
:: key (/f, no prompt). $registryPath is assigned but the command does not use it.
:: NOTE(review): the value is taken to switch off Watson event reporting, per the section title;
:: confirm on the target build.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting' /v 'DisableGenericRePorts' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting!DisableGenericRePorts"
:: Same command as the one directly before it in this section: same key, value name, type and data,
:: so running it again changes nothing.
:: NOTE(review): presumably a second registry location was meant here; verify against the generator.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting' /v 'DisableGenericRePorts' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------Disable Defender Antivirus telemetry-----------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus telemetry
:: Sets the Defender preference DisableCoreService1DSTelemetry through Set-MpPreference.
:: Exits 0 early when the preference already equals $value, when Set-MpPreference is not available, or
:: when the cmdlet has no such parameter. Error 0x800106ba is reported as "Defender service is not
:: running" and a "Cannot convert" error as an unsupported argument, both with exit 0; anything else
:: exits 1.
:: NOTE(review): $value is $False here although the section disables telemetry and the registry
:: commands that follow write 1; the ECS integration section further down passes $True. Verify the
:: intended value.
:: NOTE(review): the setting is applied twice, once through Invoke-Expression and once by the direct
:: Set-MpPreference call. The Invoke-Expression string is built from the resolved cmdlet name and a
:: literal parameter name, not from external input.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableCoreService1DSTelemetry'; $value = $False; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableCoreService1DSTelemetry $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Features!DisableCoreService1DSTelemetry"
:: Runs reg.exe to write REG_DWORD DisableCoreService1DSTelemetry=1 under the Windows Defender\Features
:: policy key (/f, no prompt). $registryPath is assigned but the command does not use it.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Features'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Features' /v 'DisableCoreService1DSTelemetry' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows Defender\CoreService!DisableCoreService1DSTelemetry"
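:: Writes REG_DWORD DisableCoreService1DSTelemetry=1 under HKLM\SOFTWARE\Microsoft\Windows Defender\CoreService
:: by running reg.exe as TrustedInstaller (presumably because an administrator token cannot write this key).
:: Invoke-AsTrustedInstaller saves the payload to a temporary .ps1, registers the scheduled task
:: "privacy.sexy invoke", starts it under the account resolved from the hard-coded service SID, polls
:: while LastTaskResult is 267009 (presumably "task still running") for up to 5 minutes, prints the
:: captured output, then deletes the task and both temporary files.
:: NOTE(review): the payload .ps1 sits in the caller's temp folder until the task runs it with
:: -ExecutionPolicy Bypass at TrustedInstaller level, so that folder must not be writable by less
:: trusted accounts. For monitoring, the task name and powershell.exe started by Task Scheduler with
:: -ExecutionPolicy Bypass are the artefacts this leaves.
:: The command is a single logical line; it must not be wrapped, or cmd runs each piece separately.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows Defender\CoreService'''+"^""`r`n"^""+'$data =  ''1'''+"^""`r`n"^""+'reg add ''HKLM\SOFTWARE\Microsoft\Windows Defender\CoreService'' `'+"^""`r`n"^""+'    /v ''DisableCoreService1DSTelemetry'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"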
:: ----------------------------------------------------------
 
 
:: Disable Defender Antivirus remote experimentation and configurations
echo --- Disable Defender Antivirus remote experimentation and configurations
:: Sets the Defender preference DisableCoreServiceECSIntegration to $True through Set-MpPreference.
:: Exits 0 early when the preference already equals $value, when Set-MpPreference is not available, or
:: when the cmdlet has no such parameter. Error 0x800106ba is reported as "Defender service is not
:: running" and a "Cannot convert" error as an unsupported argument, both with exit 0; anything else
:: exits 1.
:: NOTE(review): the setting is applied twice, once through Invoke-Expression and once by the direct
:: Set-MpPreference call. The Invoke-Expression string is built from the resolved cmdlet name and a
:: literal parameter name, not from external input.
:: NOTE(review): per the section title this cuts Defender off from remotely delivered configuration;
:: confirm that signature and engine updates still arrive afterwards.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableCoreServiceECSIntegration'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableCoreServiceECSIntegration $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Features!DisableCoreServiceECSIntegration"
:: Runs reg.exe to write REG_DWORD DisableCoreServiceECSIntegration=1 under the Windows Defender\Features
:: policy key (/f, no prompt). $registryPath is assigned but the command does not use it.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Features'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Features' /v 'DisableCoreServiceECSIntegration' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows Defender\CoreService!DisableCoreServiceECSIntegration"
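:: Writes REG_DWORD DisableCoreServiceECSIntegration=1 under HKLM\SOFTWARE\Microsoft\Windows Defender\CoreService
:: by running reg.exe as TrustedInstaller (presumably because an administrator token cannot write this key).
:: Invoke-AsTrustedInstaller saves the payload to a temporary .ps1, registers the scheduled task
:: "privacy.sexy invoke", starts it under the account resolved from the hard-coded service SID, waits
:: up to 5 minutes for it to finish, prints the captured output, then deletes the task and temp files.
:: NOTE(review): the payload .ps1 sits in the caller's temp folder until the task runs it with
:: -ExecutionPolicy Bypass at TrustedInstaller level, so that folder must not be writable by less
:: trusted accounts.
:: The command is a single logical line; it must not be wrapped, or cmd runs each piece separately.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows Defender\CoreService'''+"^""`r`n"^""+'$data =  ''1'''+"^""`r`n"^""+'reg add ''HKLM\SOFTWARE\Microsoft\Windows Defender\CoreService'' `'+"^""`r`n"^""+'    /v ''DisableCoreServiceECSIntegration'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"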
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable Defender Antivirus Azure data collection-----
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus Azure data collection
:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\MpAzSubmit.dll"  as TrustedInstaller
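:: Renames Windows Defender\MpAzSubmit.dll under PROGRAMFILES to MpAzSubmit.dll.OLD ("soft delete"),
:: running the rename payload as TrustedInstaller. Invoke-AsTrustedInstaller saves the payload to a
:: temporary .ps1, registers the scheduled task "privacy.sexy invoke", starts it under the account
:: resolved from the hard-coded service SID, waits up to 5 minutes, prints the captured output, then
:: deletes the task and both temporary files.
:: The payload skips folders and files already ending in .OLD, and counts renamed, skipped and failed items.
:: NOTE(review): $revert is never assigned in the payload shown here, so only the rename-to-.OLD branch
:: runs; and a file that disappears mid-loop ends the payload with exit 0 instead of continuing.
:: NOTE(review): renaming a Defender component is a tamper signal that endpoint monitoring may alert
:: on, and servicing may restore the file; record the change so it can be reverted.
:: The command is a single logical line; it must not be wrapped, or cmd runs each piece separately.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\MpAzSubmit.dll"^""'+"^""`r`n"^""+'$expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"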
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------Disable Defender Antivirus minifilter driver-------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus minifilter driver
:: Delete the registry value "Altitude" from the key "HKLM\SYSTEM\CurrentControlSet\Services\WdFilter\Instances\WdFilter Instance" 
:: Removes the Altitude value from Services\WdFilter\Instances\WdFilter Instance through the PowerShell
:: registry provider. Exits 0 without changes when the key or the value does not exist.
:: NOTE(review): WdFilter is the Defender Antivirus minifilter driver per the section title, and a
:: minifilter instance presumably cannot attach without its Altitude, so Defender loses its view of
:: file activity. Tampering with this key is a known way to blind Defender, so endpoint monitoring may
:: flag it; on a managed machine treat the change as a security event and keep the original value
:: for rollback.
:: NOTE(review): a failed removal is reported with Write-Error only; no explicit non-zero exit follows.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyName = 'HKLM\SYSTEM\CurrentControlSet\Services\WdFilter\Instances\WdFilter Instance'; $valueName = 'Altitude'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Disable the service `WdFilter` using TrustedInstaller privileges
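:: Disables the WdFilter service as TrustedInstaller. The payload: (1) exits 0 if the service does not
:: exist, (2) tries to stop it if it is running, only warning when the stop fails, (3) exits 0 if its
:: key under HKLM:\SYSTEM\CurrentControlSet\Services is missing, (4) exits 0 if Start is already 4,
:: (5) sets Start to 4 and exits 1 if that write fails.
:: Invoke-AsTrustedInstaller saves the payload to a temporary .ps1, registers the scheduled task
:: "privacy.sexy invoke", starts it under the account resolved from the hard-coded service SID, waits
:: up to 5 minutes, prints the captured output, then deletes the task and both temporary files.
:: NOTE(review): WdFilter is the Defender Antivirus minifilter driver per the section title; with
:: Start=4 it is not loaded at the next boot, which presumably leaves Defender without on-access
:: scanning. Endpoint monitoring may report this as tampering; make sure another protection layer
:: covers the machine and record the previous Start value for rollback.
:: The command is a single logical line; it must not be wrapped, or cmd runs each piece separately.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$serviceQuery = ''WdFilter'''+"^""`r`n"^""+'$stopWithDependencies= $false'+"^""`r`n"^""+'<# -- 1. Skip if service does not exist #>'+"^""`r`n"^""+'$service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue'+"^""`r`n"^""+'if(!$service) {'+"^""`r`n"^""+'    Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$serviceName = $service.Name'+"^""`r`n"^""+'Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'<# -- 2. Stop if running #>'+"^""`r`n"^""+'if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'        $stopParams = @{ `'+"^""`r`n"^""+'            Name = $ServiceName'+"^""`r`n"^""+'            Force = $true'+"^""`r`n"^""+'            ErrorAction = ''Stop'''+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        if (-not $stopWithDependencies) {'+"^""`r`n"^""+'            $stopParams[''NoWait''] = $true'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Stop-Service @stopParams'+"^""`r`n"^""+'        Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        if ($_.FullyQualifiedErrorId -eq ''CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand'') {'+"^""`r`n"^""+'            Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""'+"^""`r`n"^""+'        } else {'+"^""`r`n"^""+'            Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 3. Skip if service info is not found in registry #>'+"^""`r`n"^""+'$registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""'+"^""`r`n"^""+'if (-Not (Test-Path $registryKey)) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 4. Skip if already disabled #>'+"^""`r`n"^""+'if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 5. Disable service #>'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Set-ItemProperty `'+"^""`r`n"^""+'        -LiteralPath $registryKey `'+"^""`r`n"^""+'        -Name "^""Start"^"" `'+"^""`r`n"^""+'        -Value 4 `'+"^""`r`n"^""+'        -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host ''Successfully disabled the service. It will not start automatically on next boot.'''+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'    Exit 1'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"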
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\drivers\WdFilter.sys" with additional permissions 
:: What the command below does (the file is renamed, not erased):
::   1. Add-Type compiles a C# class "Privileges" that P/Invokes OpenProcessToken, LookupPrivilegeValue and
::      AdjustTokenPrivileges from advapi32.dll.
::   2. SeRestorePrivilege and SeTakeOwnershipPrivilege are enabled on the current process token.
::   3. Get-Item resolves the pattern; ItemNotFoundException is swallowed and the command exits 0 when nothing matches.
::   4. Per file: the current ACL is saved, the owner is set to the account behind SID S-1-5-32-544 and an
::      Allow/FullControl rule is added for it, then Move-Item -Force renames the file to NAME.OLD.
::   5. The saved ACL is written back to the renamed file, or to the original file when the rename failed.
::   6. Both privileges are disabled again.
:: $revert is never assigned inside this command, so only the "append .OLD" branch runs here.
:: NOTE(review): AddPrivilege overwrites retVal after OpenProcessToken and LookupPrivilegeValue and the caller pipes
::   the result to Out-Null, so a privilege that could not be enabled goes unreported; the class declares no
::   CloseHandle, so the token handle stays open until the process ends.
:: NOTE(review): the "not found" check inside the loop calls exit 0 rather than continue, which ends the command
::   before the remaining items and before the RemovePrivilege calls.
:: Monitoring: the owner/DACL change followed by a rename to *.OLD under System32\drivers is the footprint this
::   leaves; with object-access auditing and a SACL on that directory it should show up in the Security log
::   (events 4663 and 4670) - confirm against the audit policy in use.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\drivers\WdFilter.sys"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable Defender Antivirus boot driver----------
:: ----------------------------------------------------------
:: Section summary, from the commands that follow: sets Start = 4 for the service WdBoot through a scheduled task
:: run as TrustedInstaller, renames WdBoot.sys under System32\drivers and under ELAMBKUP to *.OLD, deletes the
:: EarlyLaunch "BackupPath" registry value, and renames System32\Config\elam to elam.OLD.
:: The previous Start value and the BackupPath data are not saved by these commands; export them first if a
:: later restore is intended.
echo --- Disable Defender Antivirus boot driver
:: Disable the service `WdBoot` using TrustedInstaller privileges
:: What the command below does:
::   Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a scheduled task named
::   "privacy.sexy invoke" whose action is powershell.exe -ExecutionPolicy Bypass, and starts it through the
::   Schedule.Service COM object (RunEx) as the account behind SID
::   S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464.
::   It polls LastTaskResult every 200 ms while it equals 267009, for at most 5 minutes, prints the captured
::   output, and deletes the task and both temporary files in finally blocks.
::   Payload ($cmd), for the service WdBoot: exit if the service is missing; Stop-Service -Force (with NoWait) if
::   it is running; exit if HKLM:\SYSTEM\CurrentControlSet\Services\WdBoot is missing or Start is already 4;
::   otherwise Set-ItemProperty Start = 4.
:: NOTE(review): the previous Start value is only compared with 4 and never stored, so a revert has to supply it.
:: NOTE(review): the message in payload step 3 reads "cannot enable it" although this command disables the service.
:: NOTE(review): the payload file is created by New-TemporaryFile in the caller's context and later executed by
::   the task as a more privileged account; presumably the ACL of that temp directory decides who could alter
::   the file in between - confirm it is restricted.
:: Monitoring: Start is written directly to the registry, so detections built only on Service Control Manager
::   events will presumably miss it; a watch on the Start value under Services\WdBoot covers it. The transient
::   task should be recorded as task-created/task-deleted (Security events 4698 and 4699) when
::   "Audit Other Object Access Events" is enabled.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$serviceQuery = ''WdBoot'''+"^""`r`n"^""+'$stopWithDependencies= $false'+"^""`r`n"^""+'<# -- 1. 
Skip if service does not exist #>'+"^""`r`n"^""+'$service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue'+"^""`r`n"^""+'if(!$service) {'+"^""`r`n"^""+'    Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$serviceName = $service.Name'+"^""`r`n"^""+'Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'<# -- 2. Stop if running #>'+"^""`r`n"^""+'if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'        $stopParams = @{ `'+"^""`r`n"^""+'            Name = $ServiceName'+"^""`r`n"^""+'            Force = $true'+"^""`r`n"^""+'            ErrorAction = ''Stop'''+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        if (-not $stopWithDependencies) {'+"^""`r`n"^""+'            $stopParams[''NoWait''] = $true'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Stop-Service @stopParams'+"^""`r`n"^""+'        Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        if ($_.FullyQualifiedErrorId -eq ''CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand'') {'+"^""`r`n"^""+'            Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""'+"^""`r`n"^""+'        } else {'+"^""`r`n"^""+'            Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 3. 
Skip if service info is not found in registry #>'+"^""`r`n"^""+'$registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""'+"^""`r`n"^""+'if (-Not (Test-Path $registryKey)) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 4. Skip if already disabled #>'+"^""`r`n"^""+'if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 5. Disable service #>'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Set-ItemProperty `'+"^""`r`n"^""+'        -LiteralPath $registryKey `'+"^""`r`n"^""+'        -Name "^""Start"^"" `'+"^""`r`n"^""+'        -Value 4 `'+"^""`r`n"^""+'        -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host ''Successfully disabled the service. It will not start automatically on next boot.'''+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'    Exit 1'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\drivers\WdBoot.sys" with additional permissions 
:: What the command below does: renames System32\drivers\WdBoot.sys to WdBoot.sys.OLD (moved, not erased).
::   It compiles the C# helper class "Privileges" with Add-Type, enables SeRestorePrivilege and
::   SeTakeOwnershipPrivilege on the current process token, saves the file's ACL, sets the owner to the account
::   behind SID S-1-5-32-544 with an added Allow/FullControl rule, runs Move-Item -Force, writes the saved ACL
::   back (to the renamed file, or to the original if the rename failed) and disables both privileges again.
:: $revert is never assigned inside this command, so only the "append .OLD" branch runs here.
:: NOTE(review): the results of AddPrivilege are piped to Out-Null, so a privilege that could not be enabled goes
::   unreported and only surfaces as a later Set-Acl or Move-Item failure.
:: NOTE(review): the "not found" check inside the loop calls exit 0 rather than continue, which ends the command
::   before the RemovePrivilege calls.
:: Monitoring: an owner/DACL change followed by a rename to *.OLD under System32\drivers is the footprint this
::   leaves; with object-access auditing and a SACL on that directory it should show up in the Security log
::   (events 4663 and 4670) - confirm against the audit policy in use.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\drivers\WdBoot.sys"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\ELAMBKUP\WdBoot.sys" with additional permissions 
:: What the command below does: renames ELAMBKUP\WdBoot.sys under the Windows directory to WdBoot.sys.OLD
::   (moved, not erased). It compiles the C# helper class "Privileges" with Add-Type, enables
::   SeRestorePrivilege and SeTakeOwnershipPrivilege on the current process token, saves the file's ACL, sets
::   the owner to the account behind SID S-1-5-32-544 with an added Allow/FullControl rule, runs
::   Move-Item -Force, writes the saved ACL back (to the renamed file, or to the original if the rename failed)
::   and disables both privileges again.
:: $revert is never assigned inside this command, so only the "append .OLD" branch runs here.
:: NOTE(review): presumably ELAMBKUP holds the backup copy of the early-launch driver; confirm before relying on
::   the .OLD file as the only remaining copy.
:: NOTE(review): the "not found" check inside the loop calls exit 0 rather than continue, which ends the command
::   before the RemovePrivilege calls.
:: Monitoring: an owner/DACL change followed by a rename to *.OLD in this directory is the footprint this leaves;
::   with object-access auditing and a SACL on the directory it should show up in the Security log
::   (events 4663 and 4670) - confirm against the audit policy in use.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\ELAMBKUP\WdBoot.sys"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Delete the registry value "BackupPath" from the key "HKLM\SYSTEM\CurrentControlSet\Control\EarlyLaunch" 
:: What the command below does: converts the key name to the PowerShell drive form (HKLM:\...), exits 0 when the
:: key or the value "BackupPath" is absent, and otherwise removes the value with Remove-ItemProperty -Force.
:: The "(default)" branch is not taken here because $valueName is "BackupPath".
:: NOTE(review): the value's data is not read or saved before removal, so restoring it later needs the data from
::   another source (a registry export taken beforehand, for example).
:: NOTE(review): a failure is reported with Write-Error only; the batch file does not check the result and
::   continues with the next command.
:: Monitoring: with a SACL on the EarlyLaunch key, the deletion should appear as a registry value modification
::   (Security event 4657) - confirm against the audit policy in use.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyName = 'HKLM\SYSTEM\CurrentControlSet\Control\EarlyLaunch'; $valueName = 'BackupPath'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\Config\elam"  
:: What the command below does: renames System32\Config\elam to elam.OLD with Move-Item -Force (moved, not erased).
:: This variant enables no token privileges and leaves the file's owner and ACL untouched; if the current
:: session lacks access, the rename fails and is counted in $failedCount and reported with Write-Error.
:: $revert is never assigned inside this command, so only the "append .OLD" branch runs here.
:: NOTE(review): presumably this file is the registry hive used for early-launch anti-malware data - confirm
::   before treating the rename as harmless to boot.
:: NOTE(review): the "not found" check inside the loop calls exit 0 rather than continue, which ends the command
::   before the summary lines are printed.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\Config\elam"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully 
processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------------Disable security event monitoring-------------
:: ----------------------------------------------------------
:: Section summary, from the commands that follow: disables the service MsSecFlt with Set-Service and renames
:: System32\drivers\MsSecFlt.sys to *.OLD. The previous start type is not saved by these commands; record it
:: first if a later restore is intended.
echo --- Disable security event monitoring
:: Disable service(s): `MsSecFlt`
:: What the command below does, for the service MsSecFlt, in the current elevated session (no scheduled task):
::   1. exits 0 when Get-Service finds no such service;
::   2. runs Stop-Service -Force when it is running; a failure to stop is only a warning;
::   3. reads the start type from $service.StartType, falling back to two Win32_Service WMI queries, and exits 0
::      when it is already Disabled;
::   4. runs Set-Service -StartupType Disabled; a failure is reported with Write-Error.
:: NOTE(review): the message in step 1 contains the typo "could not be not found".
:: NOTE(review): the start type read in step 3 is only compared with 'Disabled' and never stored, so a revert has
::   to supply the original value.
:: Monitoring: a start-type change made through Set-Service should be logged by the Service Control Manager
::   (System event 7040) - confirm on the target Windows version.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'MsSecFlt'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\drivers\MsSecFlt.sys" with additional permissions 
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\drivers\MsSecFlt.sys"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\mssecuser.dll" with additional permissions 
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\mssecuser.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------------Disable Secure Boot driver----------------
:: ----------------------------------------------------------
:: Review note: despite the heading, the commands in this section act only on
:: the MsSecCore service and on the msseccore.sys file under System32\drivers.
:: Nothing in this section changes UEFI Secure Boot firmware settings.
:: NOTE(review): MsSecCore is presumably a Microsoft security driver loaded at
:: boot - confirm against vendor documentation before relying on the heading.
:: The echo below only prints a progress marker for the section.
echo --- Disable Secure Boot driver
:: Disable service(s): `MsSecCore`
:: Disables the MsSecCore service in four steps (numbered inside the command):
::   1. Exits with code 0 when Get-Service finds no service of that name.
::   2. If the service is running, tries Stop-Service -Force. A failure is only
::      a warning that says the service will be stopped after reboot.
::   3. Reads StartType, falling back to the Win32_Service StartMode through WMI
::      when StartType is empty, and exits with code 0 if it is already Disabled.
::   4. Calls Set-Service -StartupType Disabled. A failure is reported with
::      Write-Error and no explicit exit code is set in that branch.
:: NOTE(review): the "not found" message reads "could be not found". It is a
:: runtime string and is left unchanged here.
:: NOTE(review): the command does not re-read the service afterwards, so it never
:: verifies the resulting start type. When auditing a host, compare the service
:: start type with a known-good baseline.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'MsSecCore'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\drivers\msseccore.sys" with additional permissions 
:: "Soft delete": renames the matched file by appending .OLD instead of removing it.
:: Flow of the embedded PowerShell:
::   - Compiles a C# helper class (Privileges) with Add-Type and uses it to enable
::     SeRestorePrivilege and SeTakeOwnershipPrivilege on the current process token.
::   - Resolves the path with Get-Item. An ItemNotFoundException is swallowed and
::     the command exits with code 0 when nothing matched.
::   - Per file: saves the current ACL, sets the owner to the account behind SID
::     S-1-5-32-544 (the built-in Administrators group) and adds an Allow
::     FullControl rule for it, renames with Move-Item -Force, then, when the
::     grant succeeded, re-applies the saved ACL to the renamed file (or to the
::     original path if the rename failed).
::   - Clears both privileges again at the end.
:: NOTE(review): $revert is never assigned in this command, so only the
:: non-revert branches (skip files ending in .OLD, append .OLD) can run here.
:: NOTE(review): the "file not found" check inside the loop calls exit 0, which
:: ends the whole command. Remaining paths and the RemovePrivilege calls are skipped.
:: NOTE(review): the helper overwrites retVal after OpenProcessToken and
:: LookupPrivilegeValue, so only the AdjustTokenPrivileges result is returned,
:: and the token handle is never closed. The callers pipe the result to Out-Null.
:: NOTE(review): if granting access fails, the rename is still attempted.
:: Audit artifact: a msseccore.sys.OLD file in the drivers folder indicates that
:: this step ran. The file's ownership may also differ from baseline if the ACL
:: restore step logged a warning.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\drivers\msseccore.sys"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------------Disable Tamper Protection-----------------
:: ----------------------------------------------------------
:: Review note: this section writes the TamperProtection and TamperProtectionSource
:: values under the Windows Defender Features key. Tamper Protection exists to
:: stop local changes to Defender settings, so turning it off leaves the other
:: Defender settings open to later modification by any elevated process.
:: NOTE(review): the section never reads the values back, and whether the writes
:: take effect while Tamper Protection is active is not established by this
:: script. The effective state can be confirmed from the IsTamperProtected field
:: of Get-MpComputerStatus.
:: The echo below only prints a progress marker for the section.
echo --- Disable Tamper Protection
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows Defender\Features!TamperProtection"
:: Defines Invoke-AsTrustedInstaller and uses it to run a generated script that
:: executes reg add on the Defender Features key: value TamperProtection,
:: type REG_DWORD, data 4, with /f.
:: What the helper does:
::   - Translates SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
::     to an account name (presumably the TrustedInstaller service account, going
::     by the function name - confirm).
::   - Creates two temporary files: one is renamed to .ps1 and filled with the
::     script, the other receives the output of the task.
::   - Registers a scheduled task named "privacy.sexy invoke" (deleting any task
::     of that name first), starts it through the Schedule.Service COM object with
::     RunEx under that account, and polls LastTaskResult every 200 ms while it
::     equals 267009 (0x41301, the Task Scheduler "task is running" status),
::     giving up after 5 minutes.
::   - Deletes the task, prints the captured output, and removes both temp files.
:: NOTE(review): the meaning of data value 4 is not shown here - confirm against
:: Microsoft documentation.
:: NOTE(review): the script file stays in the temp folder between being written
:: and being read by the task, which runs with higher rights than the caller.
:: Confirm that the temp folder ACLs restrict writes to the invoking administrator.
:: NOTE(review): the inner PowerShell is launched with -ExecutionPolicy Bypass.
:: Audit artifacts: registration and deletion of a task with the name above, and
:: a change to the TamperProtection value.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows Defender\Features'''+"^""`r`n"^""+'$data =  ''4'''+"^""`r`n"^""+'reg add 
''HKLM\SOFTWARE\Microsoft\Windows Defender\Features'' `'+"^""`r`n"^""+'    /v ''TamperProtection'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows Defender\Features!TamperProtectionSource"
:: Defines Invoke-AsTrustedInstaller and uses it to run a generated script that
:: executes reg add on the Defender Features key: value TamperProtectionSource,
:: type REG_DWORD, data 2, with /f.
:: The helper writes the script to a temporary .ps1 file, registers a scheduled
:: task named "privacy.sexy invoke", starts it with RunEx under the account
:: resolved from the S-1-5-80 service SID in the command, waits up to 5 minutes
:: while LastTaskResult is 267009, then deletes the task, prints the captured
:: output and removes the temporary files.
:: NOTE(review): the meaning of data value 2 is not shown here - confirm against
:: Microsoft documentation.
:: NOTE(review): the function definition is repeated in full in every command
:: that uses it, because each PowerShell invocation is a separate process.
:: Audit artifacts: registration and deletion of a task with the name above, and
:: a change to the TamperProtectionSource value.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows Defender\Features'''+"^""`r`n"^""+'$data =  ''2'''+"^""`r`n"^""+'reg add 
''HKLM\SOFTWARE\Microsoft\Windows Defender\Features'' `'+"^""`r`n"^""+'    /v ''TamperProtectionSource'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------Disable virtualization-based security (VBS)--------
:: ----------------------------------------------------------
:: Review note: the commands in this section write DeviceGuard values under both
:: HKLM\SYSTEM\CurrentControlSet\Control and HKLM\SOFTWARE\Policies, including
:: the HypervisorEnforcedCodeIntegrity scenario key. Turning these off removes
:: the hypervisor-based isolation that features such as memory integrity rely on.
:: NOTE(review): none of the commands reads the current state or verifies the
:: result. The change presumably only takes effect after a reboot, and where VBS
:: was enabled with a UEFI lock, registry writes alone may not be sufficient -
:: confirm the effective state afterwards, for example with msinfo32 or the
:: Win32_DeviceGuard CIM class.
:: The echo below only prints a progress marker for the section.
echo --- Disable virtualization-based security (VBS)
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard!EnableVirtualizationBasedSecurity"
:: Writes REG_DWORD 0 to EnableVirtualizationBasedSecurity under
:: HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard. /f overwrites an existing
:: value without prompting.
:: NOTE(review): $registryPath is assigned but never read, and the exit status
:: of reg.exe is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard' /v 'EnableVirtualizationBasedSecurity' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard!EnableVirtualizationBasedSecurity"
:: Writes REG_DWORD 0 to EnableVirtualizationBasedSecurity under the policy key
:: HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard, with /f.
:: NOTE(review): values under the Policies key are normally owned by Group
:: Policy, so a managed host may overwrite this on the next policy refresh -
:: confirm. $registryPath is unused and the reg.exe exit status is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' /v 'EnableVirtualizationBasedSecurity' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard!RequirePlatformSecurityFeatures"
:: Writes REG_DWORD 0 to RequirePlatformSecurityFeatures under
:: HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard, with /f.
:: NOTE(review): $registryPath is assigned but never read, and the exit status
:: of reg.exe is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard' /v 'RequirePlatformSecurityFeatures' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard!RequirePlatformSecurityFeatures"
:: Writes REG_DWORD 0 to RequirePlatformSecurityFeatures under the policy key
:: HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard, with /f.
:: NOTE(review): $registryPath is assigned but never read, and the exit status
:: of reg.exe is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' /v 'RequirePlatformSecurityFeatures' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard!Locked"
:: Writes REG_DWORD 0 to Locked under
:: HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard, with /f.
:: NOTE(review): presumably this value mirrors the UEFI lock setting - confirm.
:: $registryPath is unused and the reg.exe exit status is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard' /v 'Locked' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard!NoLock"
:: Writes REG_DWORD 1 to NoLock under
:: HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard, with /f.
:: Unlike most values in this section, the data written here is 1, not 0.
:: NOTE(review): $registryPath is assigned but never read, and the exit status
:: of reg.exe is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard'; $data =  '1'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard' /v 'NoLock' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard!Unlocked"
:: Writes REG_DWORD 1 to Unlocked under
:: HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard, with /f.
:: Unlike most values in this section, the data written here is 1, not 0.
:: NOTE(review): $registryPath is assigned but never read, and the exit status
:: of reg.exe is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard'; $data =  '1'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard' /v 'Unlocked' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity!Locked"
:: Writes REG_DWORD 0 to Locked under the scenario key
:: HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity,
:: with /f.
:: NOTE(review): $registryPath is assigned but never read, and the exit status
:: of reg.exe is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity' /v 'Locked' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard!RequireMicrosoftSignedBootChain"
:: Writes REG_DWORD 0 to RequireMicrosoftSignedBootChain under
:: HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard, with /f.
:: NOTE(review): $registryPath is assigned but never read, and the exit status
:: of reg.exe is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard' /v 'RequireMicrosoftSignedBootChain' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity!Enabled"
:: Writes REG_DWORD 0 to Enabled under the scenario key
:: HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity,
:: with /f. Going by the key name, this is the switch for hypervisor-enforced
:: code integrity - confirm.
:: NOTE(review): $registryPath is assigned but never read, and the exit status
:: of reg.exe is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard!HypervisorEnforcedCodeIntegrity"
:: Writes REG_DWORD 0 to HypervisorEnforcedCodeIntegrity under the policy key
:: HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard, with /f.
:: NOTE(review): $registryPath is assigned but never read, and the exit status
:: of reg.exe is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' /v 'HypervisorEnforcedCodeIntegrity' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard!Mandatory"
:: Writes REG_DWORD 0 to Mandatory under
:: HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard, with /f.
:: NOTE(review): $registryPath is assigned but never read, and the exit status
:: of reg.exe is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard' /v 'Mandatory' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity!HVCIMATRequired"
:: Writes REG_DWORD 0 to HVCIMATRequired under the scenario key
:: HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity,
:: with /f.
:: NOTE(review): $registryPath is assigned but never read, and the exit status
:: of reg.exe is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity' /v 'HVCIMATRequired' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard!HVCIMATRequired"
:: Writes REG_DWORD 0 to HVCIMATRequired under the policy key
:: HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard, with /f.
:: NOTE(review): $registryPath is assigned but never read, and the exit status
:: of reg.exe is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' /v 'HVCIMATRequired' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------Disable outdated Defender Antivirus------------
:: ----------------------------------------------------------
echo --- Disable outdated Defender Antivirus
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender!DisableAntiSpyware"
:: Review note: writes DisableAntiSpyware=1 (REG_DWORD) under the Windows Defender policy key; /f
:: overwrites an existing value without prompting. $registryPath is assigned but never read, the
:: key path is repeated literally in the reg add call.
:: The section title calls this switch "outdated"; recent Defender platform releases are documented
:: to ignore it on client editions - confirm for the target build before assuming any effect.
:: Monitoring: a write to this value is a widely used Defender-tampering indicator.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender' /v 'DisableAntiSpyware' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: Disable Potentially Unwanted Application (PUA) protection-
:: ----------------------------------------------------------
echo --- Disable Potentially Unwanted Application (PUA) protection
:: Review note: sets the Defender preference PUAProtection to '0' through Set-MpPreference.
:: Flow: exits 0 early when Get-MpPreference already reports that value, when Set-MpPreference is
:: not available, or when the cmdlet has no PUAProtection parameter; otherwise applies the setting.
:: - The setting is applied twice: first through Invoke-Expression on a string assembled from
::   $command.Name and $propertyName, then by the literal Set-MpPreference call. Both inputs are
::   constants in this line, so the evaluated string is not externally influenced here; the
::   Invoke-Expression call is redundant next to the literal call.
:: - Error 0x800106ba (reported here as WinDefend not running) and "Cannot convert" errors end with
::   exit 0, so the exit code alone does not tell a caller whether the value was changed.
:: - Effect: with PUA protection off, Defender no longer blocks potentially unwanted applications.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'PUAProtection'; $value = '0'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -PUAProtection $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine!MpEnablePus"
:: Review note: policy write MpEnablePus=0 (REG_DWORD) under the Defender MpEngine policy key; /f
:: overwrites without prompting. This is a registry-side counterpart of the PUAProtection
:: preference set earlier in this section. $registryPath is assigned but never read.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine' /v 'MpEnablePus' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender!PUAProtection"
:: Review note: policy write PUAProtection=0 (REG_DWORD) directly under the Windows Defender policy
:: key; /f overwrites without prompting. A value under the Policies hive presumably takes precedence
:: over the local preference - confirm. $registryPath is assigned but never read.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender' /v 'PUAProtection' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable file hash computation feature-----------
:: ----------------------------------------------------------
echo --- Disable file hash computation feature
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine!EnableFileHashComputation"
:: Review note: policy write EnableFileHashComputation=0 (REG_DWORD) under the Defender MpEngine
:: policy key; /f overwrites without prompting. $registryPath is assigned but never read.
:: Presumably this stops Defender from computing hashes of the files it scans, which hash-based
:: indicators depend on - confirm against Microsoft documentation before relying on file-hash
:: indicators on a host where this value is set.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine' /v 'EnableFileHashComputation' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Disable Defender auto-exclusions-------------
:: ----------------------------------------------------------
echo --- Disable Defender auto-exclusions
:: Review note: sets the Defender preference DisableAutoExclusions to $True through
:: Set-MpPreference, using the same skip-or-apply flow as the other preference lines in this script.
:: - The setting is applied twice: through Invoke-Expression on a string assembled from
::   $command.Name and $propertyName (both constants here), then by the literal Set-MpPreference
::   call; the Invoke-Expression call is redundant next to the literal one.
:: - Error 0x800106ba and "Cannot convert" errors end with exit 0, so the exit code alone does not
::   show whether the value was changed.
:: - Presumably "auto exclusions" are the built-in role-based scan exclusions, so turning them off
::   widens what Defender scans rather than narrowing it - confirm against Microsoft documentation.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableAutoExclusions'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableAutoExclusions $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions!DisableAutoExclusions"
:: Review note: policy write DisableAutoExclusions=1 (REG_DWORD) under the Defender Exclusions policy
:: key, the registry-side counterpart of the DisableAutoExclusions preference; /f overwrites without
:: prompting. $registryPath is assigned but never read.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions' /v 'DisableAutoExclusions' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable Defender Antivirus license verification------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus license verification
:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\MsMpLics.dll"  as TrustedInstaller
:: Review note (what this command does, read from the code below):
:: - Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a scheduled
::   task named "privacy.sexy invoke" (the dot is produced by [char]0x002E), starts it through the
::   Schedule.Service COM object with RunEx under the account resolved from the hard-coded S-1-5-80
::   service SID (labelled TrustedInstaller on this page), polls LastTaskResult while it equals
::   267009 for at most five minutes, prints the captured output, then deletes the task and both
::   temporary files.
:: - The payload renames MsMpLics.dll in the Windows Defender program folder to MsMpLics.dll.OLD
::   ("soft delete"). $revert is never assigned in this command, so only the rename-to-.OLD branch
::   runs here.
:: - Inside the foreach loop the "not found" branch calls exit 0, which ends the payload instead of
::   moving on to the next item; continue looks like the intent - confirm upstream.
:: - On timeout the loop breaks and the following check reports the still-running code 267009 as a
::   failure; the task is deleted in the finally block either way.
:: - The .ps1 sits in the invoking user's temp location between being written and being run under
::   the service account; presumably another process running as that user could alter it in that
::   window - confirm, and tighten if this pattern is reused.
:: - Monitoring: registration of this task name, PowerShell started with -ExecutionPolicy Bypass by
::   the Task Scheduler under that account, and renames inside the Defender program folder are the
::   observable artefacts of this step.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\MsMpLics.dll"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\Offline\MsMpLics.dll"  as TrustedInstaller
:: Review note (what this command does, read from the code below):
:: - Same helper and payload shape as the MsMpLics.dll step for the main Defender folder, here
::   aimed at the copy in the Offline subfolder: the payload is written to a temporary .ps1 file,
::   run by a scheduled task named "privacy.sexy invoke" under the account resolved from the
::   hard-coded S-1-5-80 service SID (labelled TrustedInstaller on this page), and the file is
::   renamed to MsMpLics.dll.OLD.
:: - $revert is never assigned in this command, so only the rename-to-.OLD branch runs here.
:: - Inside the foreach loop the "not found" branch calls exit 0, which ends the payload instead of
::   moving on to the next item; continue looks like the intent - confirm upstream.
:: - The task is deleted in the finally block whether it finished, failed or hit the five-minute
::   timeout; both temporary files are removed afterwards.
:: - Monitoring: registration of this task name, PowerShell started with -ExecutionPolicy Bypass by
::   the Task Scheduler under that account, and renames inside the Defender program folder are the
::   observable artefacts of this step.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\Offline\MsMpLics.dll"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Disable firewall via command-line utility---------
:: ----------------------------------------------------------
echo --- Disable firewall via command-line utility
:: Review note: runs "netsh advfirewall set allprofiles state off", which turns Windows Firewall off
:: for every profile at once; the same command with "state on" restores it.
:: - Throws if netsh cannot be found.
:: - Success is judged by $? after a native command whose stderr is merged with 2>&1; checking
::   $LASTEXITCODE would be the more direct test (stderr output may influence $? in Windows
::   PowerShell - confirm).
:: - When the output matches '*Firewall service*' only a warning is written and the command still
::   ends normally, so the firewall may remain on with no failing exit code; any other failure throws.
:: - Effect: every listening port on the host becomes reachable on all network profiles, public
::   networks included.
PowerShell -ExecutionPolicy Unrestricted -Command "if(!(Get-Command 'netsh' -ErrorAction Ignore)) { throw '"^""netsh"^"" does not exist, is system installed correctly?'; }; $message=netsh advfirewall set allprofiles state off 2>&1; if($?) { Write-Host "^""Successfully disabled firewall."^""; } else { if($message -like '*Firewall service*') { Write-Warning 'Cannot use CLI because MpsSvc or MpsDrv is not running. Try to enable them (revert) -> reboot -> re-run this?'; } else { throw "^""Cannot disable: $message"^""; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Disable Firewall via registry---------------
:: ----------------------------------------------------------
echo --- Disable Firewall via registry
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!EnableFirewall"
:: Review note: first of four writes under SOFTWARE\Policies\Microsoft\WindowsFirewall (Standard,
:: Public, Private and Domain profile) that set EnableFirewall=0 as REG_DWORD; /f overwrites an
:: existing value without prompting. These sit in the Policies hive, so on a managed machine a
:: later policy refresh may rewrite them - confirm for the environment. $registryPath is assigned
:: but never read. Monitoring: EnableFirewall writes under this key are a direct firewall-state
:: change indicator.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile' /v 'EnableFirewall' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile!EnableFirewall"
:: Review note: policy-hive write EnableFirewall=0 (REG_DWORD) for the Public profile; /f overwrites
:: without prompting. $registryPath is assigned but never read.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' /v 'EnableFirewall' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile!EnableFirewall"
:: Review note: policy-hive write EnableFirewall=0 (REG_DWORD) for the Private profile; /f overwrites
:: without prompting. $registryPath is assigned but never read.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile' /v 'EnableFirewall' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!EnableFirewall"
:: Review note: policy-hive write EnableFirewall=0 (REG_DWORD) for the Domain profile; /f overwrites
:: without prompting. $registryPath is assigned but never read.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' /v 'EnableFirewall' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile!EnableFirewall"
:: Review note: first of four writes under Services\SharedAccess\Parameters\FirewallPolicy
:: (Standard, Domain, Public and Private profile) that set EnableFirewall=0 as REG_DWORD; /f
:: overwrites without prompting. Presumably these are the firewall service's own stored settings,
:: as opposed to the Policies-hive values written just before - confirm. $registryPath is assigned
:: but never read.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile' /v 'EnableFirewall' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile!EnableFirewall"
:: Review note: service-parameter write EnableFirewall=0 (REG_DWORD) for the Domain profile; /f
:: overwrites without prompting. $registryPath is assigned but never read.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile' /v 'EnableFirewall' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile!EnableFirewall"
:: Review note: service-parameter write EnableFirewall=0 (REG_DWORD) for the Public profile; /f
:: overwrites without prompting. $registryPath is assigned but never read.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile' /v 'EnableFirewall' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile!EnableFirewall"
:: Review note: service-parameter write EnableFirewall=0 (REG_DWORD) for the Private profile; /f
:: overwrites without prompting. $registryPath is assigned but never read.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile' /v 'EnableFirewall' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable "Firewall & network protection" section in "Windows Security"
echo --- Disable "Firewall ^& network protection" section in "Windows Security"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Firewall and network protection!UILockdown"
:: Review note: policy write UILockdown=1 (REG_DWORD) for the "Firewall and network protection" area
:: of Windows Security; /f overwrites without prompting. $registryPath is assigned but never read.
:: Per the section title this disables that section of the app. Combined with the firewall being
:: switched off earlier in this script, the user loses the in-app view of the firewall state, so the
:: state has to be checked by other means (for example netsh advfirewall show allprofiles).
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Firewall and network protection'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Firewall and network protection' /v 'UILockdown' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable "Windows Defender Advanced Threat Protection Service" service
echo --- Disable "Windows Defender Advanced Threat Protection Service" service
:: Disable the service `Sense` 
:: Review note (what this command does, read from the code below):
:: - Looks up the service "Sense" (titled "Windows Defender Advanced Threat Protection Service" in
::   this section) and exits 0 if it does not exist.
:: - If the service is running it calls Stop-Service with Force and, because $stopWithDependencies
::   is $false, NoWait; the "Stopped ... successfully" message is printed right after the request,
::   without waiting for the service to reach the stopped state. Stop failures are downgraded to
::   warnings.
:: - Then writes Start=4 directly to the service's key under SYSTEM\CurrentControlSet\Services,
::   skipping if the key is missing or the value is already 4; per the success message the change
::   applies from the next boot.
:: - The step-3 message says "cannot enable it" although this command disables the service; the
::   wording looks carried over from the inverse operation.
:: - Monitoring: a Start value change to 4 under the Sense service key and a stop request for that
::   service are the observable artefacts; on a managed endpoint this removes the endpoint sensor.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceQuery = 'Sense'; $stopWithDependencies= $false; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""; Exit 0; }; $serviceName = $service.Name; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""; try { Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""; $stopParams = @{ Name = $ServiceName; Force = $true; ErrorAction = 'Stop'; }; if (-not $stopWithDependencies) { $stopParams['NoWait'] = $true; }; Stop-Service @stopParams; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { if ($_.FullyQualifiedErrorId -eq 'CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand') { Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""; } else { Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""; }; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if service info is not found in registry #>; $registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""; if (-Not (Test-Path $registryKey)) { Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""; Exit 0; }; <# -- 4. Skip if already disabled #>; if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) { Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""; Exit 0; }; <# -- 5. 
Disable service #>; try { Set-ItemProperty -LiteralPath $registryKey -Name "^""Start"^"" -Value 4 -ErrorAction Stop; Write-Host 'Successfully disabled the service. It will not start automatically on next boot.'; } catch { Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""; Exit 1; }"
:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender Advanced Threat Protection\MsSense.exe" with additional permissions 
:: Review note (what this command does, read from the code below):
:: - Add-Type compiles a C# class "Privileges" that calls OpenProcessToken, LookupPrivilegeValue and
::   AdjustTokenPrivileges from advapi32.dll; the command uses it to enable SeRestorePrivilege and
::   SeTakeOwnershipPrivilege on the current process and to clear them again at the end.
:: - In AddPrivilege and RemovePrivilege the results of OpenProcessToken and LookupPrivilegeValue
::   are overwritten, so only the AdjustTokenPrivileges result is returned, and the callers pipe
::   that to Out-Null: a privilege that could not be enabled goes unnoticed until Set-Acl fails.
::   The class declares no CloseHandle call, so the token handle is not closed.
:: - For each match the original ACL is saved, the owner is set to the account behind S-1-5-32-544
::   and a FullControl allow rule for it is added, the file is renamed to <name>.OLD, and the saved
::   ACL is then written back to the renamed file (or to the original path if the rename failed).
::   $revert is never assigned in this command, so only the rename-to-.OLD branch runs here.
:: - The "no items" and "not found" branches call exit 0, which ends the command before the two
::   RemovePrivilege calls; inside the loop continue looks like the intent - confirm upstream.
:: - Monitoring: owner and ACL changes on MsSense.exe followed by a rename in the "Windows Defender
::   Advanced Threat Protection" program folder are the observable artefacts of this step.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender Advanced Threat Protection\MsSense.exe"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, 
false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---Disable Microsoft Data Loss Prevention (DLP) service---
:: ----------------------------------------------------------
echo --- Disable Microsoft Data Loss Prevention (DLP) service
:: Disable service(s): `MDDlpSvc`
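:: Stops the service if it is running, then sets its startup type to Disabled.
:: Exits early when the service does not exist or is already disabled.
:: A failed stop is only a warning; a failed disable is reported with Write-Error.
:: NOTE(review): the previous startup type is not recorded here, so a revert has
:: to supply it. The start-type change is visible to monitoring as a service
:: configuration change (e.g. Service Control Manager event 7040 in the System log).
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'MDDlpSvc'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"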
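:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\MpDlpService.exe" as TrustedInstaller
:: ("soft delete" means the file is renamed to its original name plus ".OLD", not removed; the rename runs in a temporary scheduled task that is deleted afterwards)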
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\MpDlpService.exe"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
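:: Check and terminate the running process "MpDlpService.exe"
:: The errorlevel tested below is the one left by `find`: 0 when the image name
:: appears in the tasklist output. An explicit if/else is used instead of
:: `&& ( ... ) || ( ... )` so that a failing taskkill no longer also prints the
:: "is not running" message.
tasklist /fi "ImageName eq MpDlpService.exe" /fo csv 2>NUL | find /i "MpDlpService.exe">NUL
if not errorlevel 1 (
    echo MpDlpService.exe is running and will be killed.
    taskkill /f /im MpDlpService.exe
) else (
    echo Skipping, MpDlpService.exe is not running.
)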
:: Configure termination of "MpDlpService.exe" immediately upon its startup
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpDlpService.exe!Debugger"
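:: Writes a REG_SZ value named "Debugger" that points at taskkill.exe under the
:: Image File Execution Options (IFEO) key of MpDlpService.exe. cmd.exe expands
:: %SYSTEMROOT% before PowerShell runs, so the expanded path is what gets stored.
:: The key path is defined once in $registryPath and reused for `reg add`.
:: NOTE(review): IFEO "Debugger" values are a well-known tamper indicator
:: (MITRE ATT&CK T1546.012); registry auditing that covers this key should
:: surface the write. Reverting means deleting the "Debugger" value.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpDlpService.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add "^""$registryPath"^"" /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"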
:: Add a rule to prevent the executable "MpDlpService.exe" from running via File Explorer
:: Adds the filename as a string value under HKCU ...\Policies\Explorer\DisallowRun.
:: If an existing value already equals the filename the command exits with 0.
:: Otherwise it picks the lowest numeric value name, starting at 1, that is not
:: already used, creates the key when it is missing, and writes the value.
:: Any failure is reported with Write-Error and exit code 1.
:: NOTE(review): the hive is HKCU of the account the elevated script runs as;
:: presumably that is not the interactive user's hive when elevation used
:: different credentials - confirm on the target setup.
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='MpDlpService.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
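:: Sets the DWORD value "DisallowRun" to 1 under HKCU ...\Policies\Explorer.
:: Creates the key and value when the value is missing or empty, exits without
:: changes when it is already 1, and overwrites any other value with 1.
:: Any failure is reported with Write-Error and exit code 1.
:: The "Updating ..." message is a double-quoted string so that the previous
:: value is interpolated into the log line instead of the variable name being
:: printed literally.
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output "^""Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^""."^""; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"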
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----Disable Defender for Endpoint remote configuration----
:: ----------------------------------------------------------
echo --- Disable Defender for Endpoint remote configuration
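:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{FEEE9C23-C4E2-4A34-8C73-FE8F9786C8B4} as TrustedInstaller
:: (values and keys are renamed with a ".OLD" suffix, recursively, rather than removed; the rename runs in a temporary scheduled task that is deleted afterwards)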
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{FEEE9C23-C4E2-4A34-8C73-FE8F9786C8B4}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
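:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender Advanced Threat Protection\WATPCSP.dll" with additional permissions
:: (the file is renamed to its original name plus ".OLD"; the command enables SeRestorePrivilege and SeTakeOwnershipPrivilege, sets the owner to the account for SID S-1-5-32-544 with full control, and afterwards tries to restore the original ACL)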
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender Advanced Threat Protection\WATPCSP.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, 
false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---Disable Defender Antivirus DLP command-line utility----
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus DLP command-line utility
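:: Check and terminate the running process "MpDlpCmd.exe"
:: The errorlevel tested below is the one left by `find`: 0 when the image name
:: appears in the tasklist output. An explicit if/else is used instead of
:: `&& ( ... ) || ( ... )` so that a failing taskkill no longer also prints the
:: "is not running" message.
tasklist /fi "ImageName eq MpDlpCmd.exe" /fo csv 2>NUL | find /i "MpDlpCmd.exe">NUL
if not errorlevel 1 (
    echo MpDlpCmd.exe is running and will be killed.
    taskkill /f /im MpDlpCmd.exe
) else (
    echo Skipping, MpDlpCmd.exe is not running.
)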
:: Configure termination of "MpDlpCmd.exe" immediately upon its startup
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpDlpCmd.exe!Debugger"
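:: Writes a REG_SZ value named "Debugger" that points at taskkill.exe under the
:: Image File Execution Options (IFEO) key of MpDlpCmd.exe. cmd.exe expands
:: %SYSTEMROOT% before PowerShell runs, so the expanded path is what gets stored.
:: The key path is defined once in $registryPath and reused for `reg add`.
:: NOTE(review): IFEO "Debugger" values are a well-known tamper indicator
:: (MITRE ATT&CK T1546.012); registry auditing that covers this key should
:: surface the write. Reverting means deleting the "Debugger" value.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpDlpCmd.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add "^""$registryPath"^"" /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"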
:: Add a rule to prevent the executable "MpDlpCmd.exe" from running via File Explorer
:: Adds the filename as a string value under HKCU ...\Policies\Explorer\DisallowRun.
:: If an existing value already equals the filename the command exits with 0.
:: Otherwise it picks the lowest numeric value name, starting at 1, that is not
:: already used, creates the key when it is missing, and writes the value.
:: Any failure is reported with Write-Error and exit code 1.
:: NOTE(review): the hive is HKCU of the account the elevated script runs as;
:: presumably that is not the interactive user's hive when elevation used
:: different credentials - confirm on the target setup.
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='MpDlpCmd.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
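:: Sets the DWORD value "DisallowRun" to 1 under HKCU ...\Policies\Explorer.
:: Creates the key and value when the value is missing or empty, exits without
:: changes when it is already 1, and overwrites any other value with 1.
:: Any failure is reported with Write-Error and exit code 1.
:: The "Updating ..." message is a double-quoted string so that the previous
:: value is interpolated into the log line instead of the variable name being
:: printed literally.
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output "^""Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^""."^""; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"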
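:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\MpDlpCmd.exe" as TrustedInstaller
:: ("soft delete" means the file is renamed to its original name plus ".OLD", not removed; the rename runs in a temporary scheduled task that is deleted afterwards)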
:: This operation will not run on Windows versions earlier than Windows11-21H2.
:: Renames "%PROGRAMFILES%\Windows Defender\MpDlpCmd.exe" to "MpDlpCmd.exe.OLD" as TrustedInstaller.
:: Flow of the PowerShell one-liner below:
::   1. Version gate: 'Windows11-21H2' maps to build 10.0.22000; on a lower major.minor.build the
::      command prints "Skipping" and exits 0.
::   2. Invoke-AsTrustedInstaller writes the payload to a temporary .ps1, registers a scheduled task
::      named "privacy.sexy invoke", starts it through Schedule.Service RunEx under the account that
::      SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to, polls
::      LastTaskResult while it equals 267009 (at most five minutes), then deletes the task and both
::      temporary files and prints the captured output.
::   3. The payload resolves the path with Get-Item, skips folders and files already ending in .OLD,
::      and renames each remaining file with Move-Item -Force.
:: NOTE(review): $revert is never assigned in this command, so only the rename-to-.OLD branch runs.
:: NOTE(review): the "not found" branch inside the foreach loop calls `exit 0`, which ends the whole
::   payload instead of moving on to the next item; `continue` looks intended - confirm upstream.
:: NOTE(review): the payload .ps1 sits in the caller's temporary directory and is later executed with
::   -ExecutionPolicy Bypass under the service account; the file is not re-checked before it runs.
:: Security impact: this takes a Microsoft Defender binary out of service (ATT&CK T1562.001 covers
::   this class of change). It is reversible by renaming the .OLD file back. Observable artifacts are
::   the registration and deletion of the scheduled task named above and the .OLD file itself.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\MpDlpCmd.exe"^""'+"^""`r`n"^""+'$expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from 
`"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    
'+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable Defender Antivirus Endpoint Data Loss Prevention (DLP) module
echo --- Disable Defender Antivirus Endpoint Data Loss Prevention (DLP) module
:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\endpointdlp.dll"  as TrustedInstaller
:: This operation will not run on Windows versions earlier than Windows11-21H2.
:: Renames "%PROGRAMFILES%\Windows Defender\endpointdlp.dll" to "endpointdlp.dll.OLD" as
:: TrustedInstaller.
:: Flow of the PowerShell one-liner below:
::   1. Version gate: 'Windows11-21H2' maps to build 10.0.22000; on a lower major.minor.build the
::      command prints "Skipping" and exits 0.
::   2. Invoke-AsTrustedInstaller writes the payload to a temporary .ps1, registers a scheduled task
::      named "privacy.sexy invoke", starts it through Schedule.Service RunEx under the account that
::      SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to, polls
::      LastTaskResult while it equals 267009 (at most five minutes), then deletes the task and both
::      temporary files and prints the captured output.
::   3. The payload resolves the path with Get-Item, skips folders and files already ending in .OLD,
::      and renames each remaining file with Move-Item -Force.
:: NOTE(review): $revert is never assigned in this command, so only the rename-to-.OLD branch runs.
:: NOTE(review): the "not found" branch inside the foreach loop calls `exit 0`, which ends the whole
::   payload instead of moving on to the next item; `continue` looks intended - confirm upstream.
:: NOTE(review): on timeout the loop only breaks; the task result is then still non-zero, so the
::   "Failed, due to exit code" error is written as well.
:: Security impact: this takes the Defender endpoint DLP library out of service, so data-loss
::   controls that depend on it presumably stop working on this host - confirm before use on a
::   managed device. Reversible by renaming the .OLD file back; the scheduled-task registration and
::   the .OLD file are the observable artifacts.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\endpointdlp.dll"^""'+"^""`r`n"^""+'$expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from 
`"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    
'+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable outdated SmartScreen settings interface------
:: ----------------------------------------------------------
echo --- Disable outdated SmartScreen settings interface
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\SmartScreenSettings.exe" with additional permissions 
:: Renames "%SYSTEMROOT%\System32\SmartScreenSettings.exe" to "SmartScreenSettings.exe.OLD" after
:: temporarily taking ownership of the file.
:: Flow of the PowerShell one-liner below:
::   1. Add-Type compiles a C# class `Privileges` that P/Invokes OpenProcessToken,
::      LookupPrivilegeValue and AdjustTokenPrivileges from advapi32.dll.
::   2. SeRestorePrivilege and SeTakeOwnershipPrivilege are enabled on the current process token.
::   3. For each matched file the original ACL is saved, the owner is set to the account behind SID
::      S-1-5-32-544 with a FullControl allow rule, the file is renamed with Move-Item -Force, and
::      the saved ACL is written back to the renamed file (or to the original path if the rename
::      failed).
::   4. Both privileges are disabled again at the end.
:: NOTE(review): AddPrivilege and RemovePrivilege overwrite retVal after every call, so only the
::   AdjustTokenPrivileges result is returned, and the callers discard even that with Out-Null; a
::   failed privilege change is therefore silent.
:: NOTE(review): the token handle obtained from OpenProcessToken is not closed in the visible code.
:: NOTE(review): the two `exit 0` paths (no items found; file not found inside the loop) leave
::   before RemovePrivilege is called; the second also ends the loop where `continue` looks intended.
:: NOTE(review): if granting access fails, only a warning is written and Move-Item is still tried.
:: NOTE(review): $revert is never assigned in this command, so only the rename-to-.OLD branch runs.
:: Security impact: a system binary is renamed in place and its ACL is rewritten twice; servicing or
::   file-integrity tooling may report or restore it - verify on the target build. Reversible by
::   renaming the .OLD file back.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\SmartScreenSettings.exe"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\SysWOW64\SmartScreenSettings.exe" with additional permissions 
:: Renames "%SYSTEMROOT%\SysWOW64\SmartScreenSettings.exe" to "SmartScreenSettings.exe.OLD" after
:: temporarily taking ownership of the file.
:: Flow of the PowerShell one-liner below:
::   1. Add-Type compiles a C# class `Privileges` that P/Invokes OpenProcessToken,
::      LookupPrivilegeValue and AdjustTokenPrivileges from advapi32.dll.
::   2. SeRestorePrivilege and SeTakeOwnershipPrivilege are enabled on the current process token.
::   3. For each matched file the original ACL is saved, the owner is set to the account behind SID
::      S-1-5-32-544 with a FullControl allow rule, the file is renamed with Move-Item -Force, and
::      the saved ACL is written back to the renamed file (or to the original path if the rename
::      failed).
::   4. Both privileges are disabled again at the end.
:: NOTE(review): the privilege helpers return only the AdjustTokenPrivileges result and the callers
::   pipe it to Out-Null, so a failed privilege change is silent.
:: NOTE(review): the token handle obtained from OpenProcessToken is not closed in the visible code.
:: NOTE(review): the `exit 0` in the "not found" branch ends the loop and skips the RemovePrivilege
::   calls; `continue` looks intended - confirm upstream.
:: NOTE(review): $revert is never assigned in this command, so only the rename-to-.OLD branch runs.
:: Security impact: a system binary is renamed in place and its ACL is rewritten twice; servicing or
::   file-integrity tooling may report or restore it - verify on the target build. Reversible by
::   renaming the .OLD file back.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\SysWOW64\SmartScreenSettings.exe"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Remove "Windows Security" system tray icon--------
:: ----------------------------------------------------------
echo --- Remove "Windows Security" system tray icon
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray!HideSystray"
:: Writes the policy value HideSystray = 1 (REG_DWORD) under
:: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray with reg.exe; /f
:: overwrites an existing value without prompting.
:: NOTE(review): $registryPath is assigned but never used; the key path is repeated literally.
:: NOTE(review): any previous value is not saved, so a rollback has to delete or reset it by hand.
:: Security impact: presumably this only hides the notification-area icon, which removes a visible
::   indicator of protection status - confirm that alerts still reach the user another way.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray' /v 'HideSystray' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Remove "Scan with Defender" from context menu-------
:: ----------------------------------------------------------
echo --- Remove "Scan with Defender" from context menu
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780} 
:: Soft-deletes HKLM\SOFTWARE\Classes\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780} by renaming it
:: instead of removing it.
:: Functions defined in the one-liner below:
::   Copy-Acl          recurses into subkeys first, then copies every security-descriptor section
::                     except Owner from the source key to the destination key.
::   Rename-KeyWithAcl copies the key recursively, copies the ACL (warning only on failure), removes
::                     the old key, and removes the new copy again if that removal fails.
::   Rename-KeyTree    appends ".OLD" to every value name, recurses into subkeys, then renames the
::                     key itself, adding further ".OLD" suffixes while the target name is taken.
::                     Values and keys that already end in ".OLD" are counted as skipped.
:: Counters live in $global:ok, $global:skip and $global:fail; the command throws only when every
:: item failed, so a partial failure ends with warnings but no error.
:: NOTE(review): Rename-KeyWithAcl is called with -ErrorAction Stop but is declared without
::   CmdletBinding; presumably the switch has no effect there - confirm.
:: NOTE(review): a failed ACL copy is only a warning, so the renamed key can end up with different
::   permissions than the original; check the ACL of the .OLD key after a run.
:: Security impact: the shell extension registered under this CLSID is no longer resolvable by its
::   original name. Reversible by stripping the ".OLD" suffix from the key and its values.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKLM\SOFTWARE\Classes\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 'Successfully renamed.'; 
$global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: Delete the registry value "(Default)" from the key "HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EPP" 
:: Deletes the default value of HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EPP.
:: The key path is converted to the provider form (hive name followed by a colon); the command
:: exits 0 when the key or the value is missing. Because the value name is '(Default)', the branch
:: that calls OpenSubKey('', $true).DeleteValue('') is the one that runs.
:: NOTE(review): unlike the soft-delete steps in this script, the value data is not saved before it
::   is deleted, so a rollback needs the data recorded beforehand.
:: NOTE(review): a failure is reported with Write-Error only; whether the exit code reflects it is
::   not visible here.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyName = 'HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EPP'; $valueName = '(Default)'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Delete the registry value "(Default)" from the key "HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\EPP" 
:: Deletes the default value of HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\EPP.
:: The key path is converted to the provider form (hive name followed by a colon); the command
:: exits 0 when the key or the value is missing. Because the value name is '(Default)', the branch
:: that calls OpenSubKey('', $true).DeleteValue('') is the one that runs.
:: NOTE(review): the value data is not saved before it is deleted, so a rollback needs the data
::   recorded beforehand.
:: NOTE(review): a failure is reported with Write-Error only; whether the exit code reflects it is
::   not visible here.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyName = 'HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\EPP'; $valueName = '(Default)'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------Remove "Windows Security" icon from taskbar--------
:: ----------------------------------------------------------
echo --- Remove "Windows Security" icon from taskbar
:: Delete the registry value "SecurityHealth" from the key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" 
:: Deletes the "SecurityHealth" value from the machine-wide Run key, which this
:: section treats as the autostart entry behind the "Windows Security" taskbar
:: icon. The command exits 0 when the key or value is missing; because the
:: value name is not "(default)", the Remove-ItemProperty branch is the one
:: that runs.
:: NOTE(review): only the autostart entry is removed and its data is not
:: recorded first, so capture it before running if a manual revert may be
:: needed.
:: NOTE(review): an edit to a Run key that drops a security product entry is a
:: change registry auditing or EDR baselines normally surface; expect an alert
:: on monitored hosts.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyName = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; $valueName = 'SecurityHealth'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------Disable Defender Antivirus interface-----------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus interface
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration!UILockdown"
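:: Writes the policy value UILockdown (REG_DWORD) = 1 under
:: "HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration" with
:: reg.exe; /f overwrites an existing value without prompting.
:: The generated form assigned $registryPath without using it and passed the
:: constant through a $data variable; both are dropped here, and the arguments
:: handed to reg.exe are unchanged.
:: NOTE(review): this is a policy-hive write, so it shows up as a configured
:: policy to management and compliance tooling. Reverting means deleting the
:: UILockdown value.
PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration' /v 'UILockdown' /t 'REG_DWORD' /d '1' /f"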
:: ----------------------------------------------------------
 
 
:: Disable outdated non-administrator access to Defender threat history
echo --- Disable outdated non-administrator access to Defender threat history
:: Sets the Defender preference DisablePrivacyMode to $True by running a
:: generated script under the identity behind SID S-1-5-80-956008885-...
:: (translated to an account name at run time; the helper name says
:: TrustedInstaller).
:: Invoke-AsTrustedInstaller, as written below:
::   1. writes the payload to a temporary file renamed to *.ps1;
::   2. registers a scheduled task named "privacy.sexy invoke" whose action is
::      powershell.exe -ExecutionPolicy Bypass, with all output streams sent to
::      a second temporary file;
::   3. starts the task through Schedule.Service RunEx with that principal and
::      polls LastTaskResult every 200 ms while it equals 267009, for at most
::      five minutes;
::   4. deletes the task, prints the captured output, and removes both
::      temporary files in finally blocks.
:: The payload skips (exit 0) when the preference already has the value, when
:: Set-MpPreference is missing, or when the parameter is not supported.
:: NOTE(review): the payload applies the setting twice, once through
:: Invoke-Expression and once through a direct Set-MpPreference call; one of
:: the two is redundant. The Invoke-Expression string is built only from
:: $command.Name and the hard-coded $propertyName, so no external input
:: reaches it here.
:: NOTE(review): on timeout the loop only breaks; the following check then
:: reports 267009 as a failure and the task is deleted while it may still be
:: running.
:: NOTE(review): the payload file comes from New-TemporaryFile and is executed
:: with the service identity, so its integrity depends on the ACL of the
:: invoking account's temp directory between Out-File and RunEx.
:: NOTE(review): observable artefacts are the task registration under the name
:: above (Security event 4698 where task auditing is enabled) and
:: powershell.exe started with -ExecutionPolicy Bypass -File on a temp *.ps1.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$propertyName = ''DisablePrivacyMode'''+"^""`r`n"^""+'$value = $True'+"^""`r`n"^""+'if((Get-MpPreference -ErrorAction 
Ignore).$propertyName -eq $value) {'+"^""`r`n"^""+'    Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$command = Get-Command ''Set-MpPreference'' -ErrorAction Ignore'+"^""`r`n"^""+'if (!$command) {'+"^""`r`n"^""+'    Write-Warning ''Skipping. Command not found: "^""Set-MpPreference"^"".'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if(!$command.Parameters.Keys.Contains($propertyName)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""'+"^""`r`n"^""+'    Set-MpPreference -Force -DisablePrivacyMode $value -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    if ( $_.FullyQualifiedErrorId -like ''*0x800106ba*'') {'+"^""`r`n"^""+'        Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""'+"^""`r`n"^""+'        exit 0'+"^""`r`n"^""+'    } elseif (($_ | Out-String) -like ''*Cannot convert*'') {'+"^""`r`n"^""+'        Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""'+"^""`r`n"^""+'        exit 0'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        Write-Error "^""Failed to set using $($command.Name): $_"^""'+"^""`r`n"^""+'        exit 1'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration!DisablePrivacyMode"
:: Writes DisablePrivacyMode (REG_DWORD) = 1 directly under
:: "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" with reg add,
:: executed through the same scheduled-task helper as the previous command
:: (temporary *.ps1, task "privacy.sexy invoke", RunEx as the principal
:: resolved from SID S-1-5-80-956008885-...).
:: The payload is a single reg add call split over backtick-continued lines;
:: $registryPath is assigned in it but never used.
:: NOTE(review): this is the product's own key rather than the Policies hive;
:: presumably it rejects writes from an elevated administrator, which would
:: explain the service identity. Confirm before relying on that.
:: NOTE(review): the exit code of reg.exe is the payload's last result, so a
:: failed write surfaces only as "Failed, due to exit code" from the helper.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration'''+"^""`r`n"^""+'$data =  ''1'''+"^""`r`n"^""+'reg add 
''HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration'' `'+"^""`r`n"^""+'    /v ''DisablePrivacyMode'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable Defender Firewall Control Panel applet------
:: ----------------------------------------------------------
echo --- Disable Defender Firewall Control Panel applet
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\FirewallControlPanel.dll" with additional permissions 
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\FirewallControlPanel.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{A4B07E49-6567-4FB8-8D39-01920E3B2357} as TrustedInstaller
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{A4B07E49-6567-4FB8-8D39-01920E3B2357}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\WOW6432Node\CLSID\{A4B07E49-6567-4FB8-8D39-01920E3B2357} as TrustedInstaller
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\WOW6432Node\CLSID\{A4B07E49-6567-4FB8-8D39-01920E3B2357}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{1CD0938D-1AC1-49DE-AA04-F2C92D4A02D1} as TrustedInstaller
:: How the command below works (one generated template, reused for every "Soft-delete ... as TrustedInstaller" step):
::  1. Invoke-AsTrustedInstaller writes the inner script to a temporary .ps1 file, registers a scheduled
::     task named "privacy.sexy invoke" and starts it with RunEx under the account that the S-1-5-80-...
::     SID translates to (the TrustedInstaller service SID).
::  2. It polls LastTaskResult every 200 ms while it equals 267009 (task still running), for at most
::     5 minutes, then deletes the task, prints the captured output and removes both temp files.
::  3. The inner script renames every value under the key to NAME.OLD, recurses into subkeys, then copies
::     the key to PATH.OLD, copies its ACL without the owner section and removes the original key.
:: NOTE(review): nothing is erased; the key and its values remain in the registry under .OLD names, so a
::     revert presumably means renaming them back - confirm before relying on it.
:: NOTE(review): a failed ACL copy is only a warning, so the .OLD key may not carry the original
::     permissions; inspect the ACL of the renamed key if that matters.
:: NOTE(review): on timeout the loop breaks with LastTaskResult still 267009, so the next check reports
::     "Failed, due to exit code: 267009" and the finally block force-deletes the task.
:: NOTE(review): the staged .ps1 runs with -ExecutionPolicy Bypass as TrustedInstaller from the location
::     New-TemporaryFile returns; read the script text before running this file elevated.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{1CD0938D-1AC1-49DE-AA04-F2C92D4A02D1}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\AppID\{A4B07E49-6567-4FB8-8D39-01920E3B2357} as TrustedInstaller
:: Renames the AppID key named in $rawPath, and everything under it, to .OLD names instead of deleting it.
:: Flow: Invoke-AsTrustedInstaller stages the inner script as a temporary .ps1, registers the scheduled
::     task "privacy.sexy invoke", runs it with RunEx under the account the S-1-5-80-... SID translates
::     to (the TrustedInstaller service SID), waits up to 5 minutes while LastTaskResult is 267009
::     (task still running), then deletes the task, prints the captured output and removes the temp files.
:: Inner script: each value is renamed to NAME.OLD, subkeys are processed recursively, and the key itself
::     is copied to PATH.OLD (more .OLD is appended until the name is free), its ACL is copied without
::     the owner section, and the original key is removed.
:: NOTE(review): the overall result is a throw only when every item failed; partial failures surface as
::     warnings and in the "Total items ... Failed" summary line, so read that line after a run.
:: NOTE(review): if removing the original key fails, the script removes the .OLD copy again and throws;
::     whether the original is still intact at that point is not verified here - check the key afterwards.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\AppID\{A4B07E49-6567-4FB8-8D39-01920E3B2357}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\WOW6432Node\AppId\{A4B07E49-6567-4FB8-8D39-01920E3B2357} as TrustedInstaller
:: Same template as the preceding step, applied to the WOW6432Node (32-bit registry view) entry with the
:: same GUID, so both views of the registration end up under .OLD names.
:: Flow: Invoke-AsTrustedInstaller stages the inner script as a temporary .ps1, registers the scheduled
::     task "privacy.sexy invoke", runs it with RunEx under the account the S-1-5-80-... SID translates
::     to (the TrustedInstaller service SID), waits up to 5 minutes while LastTaskResult is 267009
::     (task still running), then deletes the task, prints the captured output and removes the temp files.
:: Inner script: values are renamed to NAME.OLD, subkeys are processed recursively, the key is copied to
::     PATH.OLD with its ACL (owner section excluded) and the original key is removed.
:: NOTE(review): a missing key is counted as skipped and reported as "No items were processed", which
::     is not an error; on a 32-bit-only or already-processed system that outcome is expected.
:: NOTE(review): the task name is fixed, and any existing task with that name is deleted first and again
::     in the finally block; two copies of this script running at once would presumably interfere.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\WOW6432Node\AppId\{A4B07E49-6567-4FB8-8D39-01920E3B2357}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{752438CB-E941-433F-BCB4-8B7D2329F0C8} as TrustedInstaller
:: Renames the CLSID key named in $rawPath, and everything under it, to .OLD names instead of deleting it.
:: Flow: Invoke-AsTrustedInstaller stages the inner script as a temporary .ps1, registers the scheduled
::     task "privacy.sexy invoke", runs it with RunEx under the account the S-1-5-80-... SID translates
::     to (the TrustedInstaller service SID), waits up to 5 minutes while LastTaskResult is 267009
::     (task still running), then deletes the task, prints the captured output and removes the temp files.
:: Inner script: values are renamed to NAME.OLD, subkeys are processed recursively, the key is copied to
::     PATH.OLD with its ACL (owner section excluded) and the original key is removed.
:: NOTE(review): the inner script's output reaches this console only through the stream file read by
::     Get-Content after the task ends; on timeout the file may be incomplete, so treat a
::     "Skipping: Timeout" warning as an unknown result and check the key by hand.
:: NOTE(review): Write-Error inside -Command does not by itself make this batch line fail; nothing on this
::     line inspects the exit status, so later steps presumably run regardless - confirm if ordering matters.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{752438CB-E941-433F-BCB4-8B7D2329F0C8}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\WOW6432Node\CLSID\{752438CB-E941-433F-BCB4-8B7D2329F0C8} as TrustedInstaller
:: Same template as the preceding step, applied to the WOW6432Node (32-bit registry view) CLSID entry with
:: the same GUID, so both views of the registration end up under .OLD names.
:: Flow: Invoke-AsTrustedInstaller stages the inner script as a temporary .ps1, registers the scheduled
::     task "privacy.sexy invoke", runs it with RunEx under the account the S-1-5-80-... SID translates
::     to (the TrustedInstaller service SID), waits up to 5 minutes while LastTaskResult is 267009
::     (task still running), then deletes the task, prints the captured output and removes the temp files.
:: Inner script: values are renamed to NAME.OLD, subkeys are processed recursively, the key is copied to
::     PATH.OLD with its ACL (owner section excluded) and the original key is removed.
:: NOTE(review): values or keys whose names already end in .OLD are skipped, so running the script twice
::     does not stack suffixes on them; a fresh key at the original path is renamed to PATH.OLD.OLD
::     (or longer) because the loop appends .OLD until the target name is unused.
:: NOTE(review): for auditing, the visible effects of one step are a short-lived scheduled task named
::     "privacy.sexy invoke" and a registry key rename; expect both in task-scheduler and registry audit
::     logs where such logging is enabled.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\WOW6432Node\CLSID\{752438CB-E941-433F-BCB4-8B7D2329F0C8}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\AppID\{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E} as TrustedInstaller
:: Review notes for the single logical command below (the page shows it wrapped over several lines).
:: Invoke-AsTrustedInstaller saves the text of $cmd to a New-TemporaryFile path renamed to .ps1, registers a
:: scheduled task named "privacy.sexy invoke" that runs it with powershell.exe -ExecutionPolicy Bypass, and
:: starts the task via Schedule.Service RunEx as the account behind SID S-1-5-80-956008885-... (NT SERVICE\TrustedInstaller).
:: It polls while LastTaskResult is 267009 (task still running) for at most 5 minutes, then deletes the task,
:: prints the captured output file and removes both temp files.
:: The payload appends ".OLD" to every value name, every subkey and finally the AppID key itself
:: (key rename = Copy-Item, Copy-Acl, Remove-Item), so the data is kept under a new name rather than destroyed.
:: NOTE(review): the payload file is executed by a more privileged account than the one that wrote it; confirm the
::   temp directory cannot be written by less-privileged processes between the write and the task start.
:: NOTE(review): a Copy-Acl failure is only a warning and the original key is still removed, and the Owner section
::   is never copied, so check the ACL and owner of the ".OLD" key after a run.
:: NOTE(review): after a timeout the cleanup still runs; whether the payload has stopped by then is not visible here.
:: Monitoring: each run registers and deletes a scheduled task and starts PowerShell with an execution-policy
::   override under TrustedInstaller, which host telemetry may flag.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\AppID\{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\WOW6432Node\AppId\{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E} as TrustedInstaller
:: Review notes for the single logical command below (the page shows it wrapped over several lines).
:: Invoke-AsTrustedInstaller saves the text of $cmd to a New-TemporaryFile path renamed to .ps1, registers a
:: scheduled task named "privacy.sexy invoke" that runs it with powershell.exe -ExecutionPolicy Bypass, and
:: starts the task via Schedule.Service RunEx as the account behind SID S-1-5-80-956008885-... (NT SERVICE\TrustedInstaller).
:: It polls while LastTaskResult is 267009 (task still running) for at most 5 minutes, then deletes the task,
:: prints the captured output file and removes both temp files.
:: The payload appends ".OLD" to every value name, every subkey and finally the WOW6432Node AppId key itself
:: (key rename = Copy-Item, Copy-Acl, Remove-Item), so the data is kept under a new name rather than destroyed.
:: NOTE(review): the payload file is executed by a more privileged account than the one that wrote it; confirm the
::   temp directory cannot be written by less-privileged processes between the write and the task start.
:: NOTE(review): a Copy-Acl failure is only a warning and the original key is still removed, and the Owner section
::   is never copied, so check the ACL and owner of the ".OLD" key after a run.
:: NOTE(review): after a timeout the cleanup still runs; whether the payload has stopped by then is not visible here.
:: Monitoring: each run registers and deletes a scheduled task and starts PowerShell with an execution-policy
::   override under TrustedInstaller, which host telemetry may flag.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\WOW6432Node\AppId\{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\TypeLib\{B9C76E7B-D029-44EB-896F-F02FC6E9ABD5} as TrustedInstaller
:: Review notes for the single logical command below (the page shows it wrapped over several lines).
:: Invoke-AsTrustedInstaller saves the text of $cmd to a New-TemporaryFile path renamed to .ps1, registers a
:: scheduled task named "privacy.sexy invoke" that runs it with powershell.exe -ExecutionPolicy Bypass, and
:: starts the task via Schedule.Service RunEx as the account behind SID S-1-5-80-956008885-... (NT SERVICE\TrustedInstaller).
:: It polls while LastTaskResult is 267009 (task still running) for at most 5 minutes, then deletes the task,
:: prints the captured output file and removes both temp files.
:: The payload appends ".OLD" to every value name, every subkey and finally the TypeLib key itself
:: (key rename = Copy-Item, Copy-Acl, Remove-Item), so the data is kept under a new name rather than destroyed.
:: NOTE(review): the payload file is executed by a more privileged account than the one that wrote it; confirm the
::   temp directory cannot be written by less-privileged processes between the write and the task start.
:: NOTE(review): a Copy-Acl failure is only a warning and the original key is still removed, and the Owner section
::   is never copied, so check the ACL and owner of the ".OLD" key after a run.
:: NOTE(review): after a timeout the cleanup still runs; whether the payload has stopped by then is not visible here.
:: Monitoring: each run registers and deletes a scheduled task and starts PowerShell with an execution-policy
::   override under TrustedInstaller, which host telemetry may flag.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\TypeLib\{B9C76E7B-D029-44EB-896F-F02FC6E9ABD5}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\WOW6432Node\TypeLib\{B9C76E7B-D029-44EB-896F-F02FC6E9ABD5} as TrustedInstaller
:: Review notes for the single logical command below (the page shows it wrapped over several lines).
:: Invoke-AsTrustedInstaller saves the text of $cmd to a New-TemporaryFile path renamed to .ps1, registers a
:: scheduled task named "privacy.sexy invoke" that runs it with powershell.exe -ExecutionPolicy Bypass, and
:: starts the task via Schedule.Service RunEx as the account behind SID S-1-5-80-956008885-... (NT SERVICE\TrustedInstaller).
:: It polls while LastTaskResult is 267009 (task still running) for at most 5 minutes, then deletes the task,
:: prints the captured output file and removes both temp files.
:: The payload appends ".OLD" to every value name, every subkey and finally the WOW6432Node TypeLib key itself
:: (key rename = Copy-Item, Copy-Acl, Remove-Item), so the data is kept under a new name rather than destroyed.
:: NOTE(review): the payload file is executed by a more privileged account than the one that wrote it; confirm the
::   temp directory cannot be written by less-privileged processes between the write and the task start.
:: NOTE(review): a Copy-Acl failure is only a warning and the original key is still removed, and the Owner section
::   is never copied, so check the ACL and owner of the ".OLD" key after a run.
:: NOTE(review): after a timeout the cleanup still runs; whether the payload has stopped by then is not visible here.
:: Monitoring: each run registers and deletes a scheduled task and starts PowerShell with an execution-policy
::   override under TrustedInstaller, which host telemetry may flag.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\WOW6432Node\TypeLib\{B9C76E7B-D029-44EB-896F-F02FC6E9ABD5}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{DDECE4B2-979F-4CDB-9F58-B036FE5A510C} as TrustedInstaller
:: Reviewer notes on the command below (the command itself is unchanged).
:: Invoke-AsTrustedInstaller resolves SID S-1-5-80-956008885-... (the
:: TrustedInstaller service SID) to an account name, writes the payload to a
:: temporary .ps1, registers a scheduled task named "privacy.sexy invoke" and
:: starts it under that account with RunEx. The payload runs with
:: -ExecutionPolicy Bypass and its output is read back from a second temp file.
:: The task is deleted and both temp files are removed in finally blocks.
:: 267009 is 0x41301 (task still running); polling stops after 5 minutes.
:: Payload: Rename-KeyTree renames each value of the key to NAME.OLD, recurses
:: into subkeys, then renames the key itself. A key rename is Copy-Item, then
:: Copy-Acl (all security descriptor sections except Owner), then Remove-Item
:: of the original. A failed ACL copy only prints a warning, so the .OLD key
:: can be left with permissions that differ from the original key.
:: NOTE(review): Rename-KeyWithAcl is a plain function, so the -ErrorAction Stop
:: passed to it is not bound as a common parameter; failures reach the caller
:: through the throw statements inside the function.
:: NOTE(review): the .ps1 sits in the caller's temp directory until the task
:: runs it at TrustedInstaller level. If less-privileged processes can write
:: to that directory, the file should be protected before it runs - confirm.
:: Monitoring: the task registration and deletion and the child powershell.exe
:: started with -File on a temp .ps1 are the observable artifacts of this step.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{DDECE4B2-979F-4CDB-9F58-B036FE5A510C}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable Defender Firewall "Windows Defender Firewall with Advanced Security"
:: The commands under this heading rename AuthFWGP.dll (System32 and SysWOW64)
:: and several CLSID registry keys to ".OLD" names instead of deleting them.
:: NOTE(review): no revert step is visible in this part of the script; undoing
:: it means renaming the ".OLD" items back with the same elevated rights.
echo --- Disable Defender Firewall "Windows Defender Firewall with Advanced Security"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\AuthFWGP.dll" with additional permissions 
:: Reviewer notes on the command below (the command itself is unchanged).
:: Renames each matching file to NAME.OLD. $revert is never assigned in this
:: command, so the revert branches are not taken here.
:: Sequence per file: enable SeRestorePrivilege and SeTakeOwnershipPrivilege on
:: the current process token (P/Invoke to advapi32 AdjustTokenPrivileges), set
:: the owner to the account for SID S-1-5-32-544 (Administrators) and add a
:: FullControl allow rule, move the file, then re-apply the ACL captured
:: before the change. Both privileges are disabled again at the end.
:: NOTE(review): AddPrivilege and RemovePrivilege overwrite retVal after
:: OpenProcessToken and LookupPrivilegeValue, and the callers discard the
:: result with Out-Null. AdjustTokenPrivileges can also report success when
:: the privilege was not assigned, so a missing privilege only shows up later
:: as a Set-Acl failure. The token handle is not closed.
:: NOTE(review): both "exit 0" paths end the process before RemovePrivilege
:: runs; the "not found" one inside the loop also drops the remaining items
:: and the summary output.
:: NOTE(review): if re-applying the original ACL fails after the move, the
:: .OLD file keeps Administrators as owner with FullControl and only a
:: warning is printed.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\AuthFWGP.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\SysWOW64\AuthFWGP.dll" with additional permissions 
:: Reviewer notes on the command below (the command itself is unchanged).
:: Renames the SysWOW64 copy of the file to NAME.OLD: takes ownership as the
:: account for SID S-1-5-32-544 (Administrators), adds a FullControl allow
:: rule, moves the file and then re-applies the ACL captured beforehand.
:: $revert is never assigned in this command, so only the rename path runs.
:: NOTE(review): the results of AddPrivilege are discarded with Out-Null, so a
:: privilege that could not be enabled is only noticed when Set-Acl fails.
:: NOTE(review): the "exit 0" paths skip the RemovePrivilege calls, and a
:: failed ACL restore after the move leaves the .OLD file owned by
:: Administrators with FullControl (warning only).
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\SysWOW64\AuthFWGP.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{023A36FC-E9D5-419E-824A-CDC66A116E84} as TrustedInstaller
:: Reviewer notes on the command below (the command itself is unchanged).
:: The payload is written to a temporary .ps1 and run through a scheduled task
:: named "privacy.sexy invoke", started with RunEx under the account resolved
:: from the TrustedInstaller service SID (S-1-5-80-956008885-...). The task
:: and both temp files are removed afterwards in finally blocks.
:: Payload: values, subkeys and finally the key itself are renamed to NAME.OLD.
:: The key rename is copy, ACL copy without the Owner section, then delete of
:: the original; a failed ACL copy is a warning only, so permissions on the
:: .OLD key should be checked if that warning appears.
:: NOTE(review): the temp .ps1 is executed at TrustedInstaller level; confirm
:: the temp directory is not writable by less-privileged processes.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{023A36FC-E9D5-419E-824A-CDC66A116E84}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\WOW6432Node\CLSID\{023A36FC-E9D5-419E-824A-CDC66A116E84} as TrustedInstaller
:: Reviewer notes on the command below (the command itself is unchanged).
:: Same mechanism for the WOW6432Node copy of the key: the payload is written
:: to a temporary .ps1 and run by a scheduled task named "privacy.sexy invoke"
:: under the account resolved from the TrustedInstaller service SID.
:: 267009 is 0x41301 (task still running). After the 5 minute timeout the loop
:: breaks, and a result that is still non-zero is reported with Write-Error.
:: Payload: values, subkeys and the key are renamed to NAME.OLD. If the target
:: name already exists, another ".OLD" is appended until the name is free.
:: NOTE(review): a failed Copy-Acl is a warning only and the original key is
:: still removed, so the ACL of the .OLD key may differ from the original.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\WOW6432Node\CLSID\{023A36FC-E9D5-419E-824A-CDC66A116E84}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{0E752416-F29E-4195-A9DD-7F0D4D5A9D71} as TrustedInstaller
:: Soft delete means rename, nothing is erased. Rename-KeyTree appends '.OLD' to every
:: value name of the key in $rawPath, then recurses into its subkeys, then moves the key
:: itself to KEY.OLD (another '.OLD' is appended while that name already exists).
:: Rename-KeyWithAcl moves a key as: copy, ACL copy (all sections except the owner),
:: remove original. A failed ACL copy is only a warning, so the .OLD key may not carry
:: the original permissions. If the original cannot be removed, the copy is removed again.
:: Invoke-AsTrustedInstaller writes that script to a temporary .ps1 file, registers a
:: scheduled task named "privacy.sexy invoke", starts it through RunEx under the account
:: that SID S-1-5-80-956008885-... translates to (NT SERVICE\TrustedInstaller), waits up
:: to 5 minutes while LastTaskResult is 267009 (0x41301, task still running), prints the
:: captured output, then deletes the task and both temporary files.
:: NOTE(review): the staged .ps1 runs with -ExecutionPolicy Bypass at TrustedInstaller
:: level; presumably it sits in the caller's temp directory until the task starts, so
:: confirm who can write there. A non-zero task result is reported with Write-Error only
:: and this batch line does not test the exit code.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{0E752416-F29E-4195-A9DD-7F0D4D5A9D71}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\WOW6432Node\CLSID\{0E752416-F29E-4195-A9DD-7F0D4D5A9D71} as TrustedInstaller
:: Targets the WOW6432Node (32-bit view) registration of CLSID
:: {0E752416-F29E-4195-A9DD-7F0D4D5A9D71}. The key is renamed, not erased:
:: Rename-KeyTree appends '.OLD' to every value name, recurses into the subkeys, then
:: moves the key itself to KEY.OLD, appending '.OLD' again while that name is taken.
:: Rename-KeyWithAcl implements the key move as copy, ACL copy without the owner section,
:: and removal of the original; an ACL copy failure only produces a warning, so the
:: permissions on the .OLD key should be verified rather than assumed.
:: Invoke-AsTrustedInstaller stages the script in a temporary .ps1 file and runs it via a
:: scheduled task named "privacy.sexy invoke" under the account that the hard-coded SID
:: S-1-5-80-956008885-... translates to (NT SERVICE\TrustedInstaller). It polls while
:: LastTaskResult is 267009 (0x41301, task still running) with a 5 minute limit, then
:: prints the captured output and deletes the task and the temporary files.
:: NOTE(review): the outer shell uses -ExecutionPolicy Unrestricted and the task uses
:: -ExecutionPolicy Bypass; the staged file presumably lives in the caller's temp
:: directory until the task starts, so confirm that location is not writable by others.
:: Failures surface as Write-Error or Write-Warning text only; no exit code is tested here.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\WOW6432Node\CLSID\{0E752416-F29E-4195-A9DD-7F0D4D5A9D71}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Remove "Windows Security" app (`SecHealthUI`) (breaks Windows Security user interface)
:: Section banner for the console log. The commands in this section rename the app's
:: files to NAME.OLD instead of deleting them. Per the section title only the Windows
:: Security user interface is affected, so protection status has to be checked another
:: way afterwards, for example with the Get-MpComputerStatus cmdlet.
echo --- Remove "Windows Security" app (`SecHealthUI`) (breaks Windows Security user interface)
:: Soft delete files matching pattern: "%SYSTEMROOT%\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\*" with additional permissions 
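:: Renames every file matched by the pattern to NAME.OLD; folders themselves are skipped
:: and files already ending in '.OLD' are left alone. $revert is never assigned in this
:: command, so only the rename-to-.OLD branch runs.
:: Per file: capture the current ACL, set the owner to the account behind SID S-1-5-32-544
:: (BUILTIN\Administrators) and add a FullControl allow rule, move the file, then re-apply
:: the captured ACL to the renamed file (or to the original path when the move failed).
:: SeRestorePrivilege and SeTakeOwnershipPrivilege are enabled for this PowerShell process
:: through the compiled Privileges helper and disabled again at the end of the command.
:: A file that disappears between enumeration and processing is skipped with 'continue',
:: consistent with the other skip branches, so the remaining files are still handled and
:: the summary and the privilege cleanup still run.
:: NOTE(review): AddPrivilege and RemovePrivilege overwrite retVal after OpenProcessToken and
:: LookupPrivilegeValue, and the callers pipe the result to Out-Null, so a privilege that
:: could not be enabled is not reported; the token handle is not closed in this code.
:: NOTE(review): if restoring the captured ACL fails, the file keeps Administrators as
:: owner with FullControl; only a warning is written, so review the warnings afterwards.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\*"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, 
false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run 
`Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, 
$originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"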
:: Soft delete files matching pattern: "%SYSTEMROOT%\$(("Microsoft.Windows.SecHealthUI" -Split '\.')[-1])\*" with additional permissions 
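:: The folder name in the pattern is computed at run time: the last dot-separated part of
:: "Microsoft.Windows.SecHealthUI", i.e. the SecHealthUI folder under the system root.
:: Every file matched there is renamed to NAME.OLD; folders themselves are skipped and
:: files already ending in '.OLD' are left alone. $revert is never assigned in this
:: command, so only the rename-to-.OLD branch runs.
:: Per file: capture the current ACL, set the owner to the account behind SID S-1-5-32-544
:: (BUILTIN\Administrators) and add a FullControl allow rule, move the file, then re-apply
:: the captured ACL to the renamed file (or to the original path when the move failed).
:: SeRestorePrivilege and SeTakeOwnershipPrivilege are enabled for this PowerShell process
:: through the compiled Privileges helper and disabled again at the end of the command.
:: A file that disappears between enumeration and processing is skipped with 'continue',
:: consistent with the other skip branches, so the remaining files are still handled and
:: the summary and the privilege cleanup still run.
:: NOTE(review): AddPrivilege and RemovePrivilege overwrite retVal after OpenProcessToken and
:: LookupPrivilegeValue, and the callers pipe the result to Out-Null, so a privilege that
:: could not be enabled is not reported; the token handle is not closed in this code.
:: NOTE(review): if restoring the captured ACL fails, the file keeps Administrators as
:: owner with FullControl; only a warning is written, so review the warnings afterwards.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\$(("^""Microsoft.Windows.SecHealthUI"^"" -Split '\.')[-1])\*"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = 
AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch 
[System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": 
$($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"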
:: Soft delete files matching pattern: "%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.Windows.SecHealthUI_*_cw5n1h2txyewy\*" with additional permissions 
:: Renames every file under the WindowsApps SecHealthUI package folder to "NAME.OLD"
:: (folders are skipped, nothing is deleted), in one PowerShell process:
::   1. Compiles the inline C# class Privileges with Add-Type and enables
::      SeRestorePrivilege and SeTakeOwnershipPrivilege on the process token.
::   2. Collects the matching paths (Get-ChildItem -Recurse, then Get-Item),
::      removes duplicates and sorts them longest path first.
::   3. Per file: keeps a copy of the ACL, sets the owner to the account behind
::      SID S-1-5-32-544 (built-in Administrators) and adds an Allow FullControl
::      rule, renames the file, then writes the saved ACL onto the renamed file.
::   4. Disables both privileges again.
:: $revert is never assigned in this command, so only the "append .OLD" path runs.
:: Review notes:
::   - AddPrivilege and RemovePrivilege overwrite retVal after OpenProcessToken and
::     LookupPrivilegeValue, and the caller pipes the result to Out-Null, so a
::     privilege that could not be changed is not reported. The token handle
::     opened by OpenProcessToken is not closed in the visible code.
::   - "exit 0" in the "file not found" branch ends the whole PowerShell process:
::     later files are not processed, no summary is printed and step 4 is skipped.
::   - If the final Set-Acl fails, only a warning is printed and the renamed file
::     keeps the Administrators owner and FullControl rule.
::   - Artifacts to look for when auditing a host: "*.OLD" files in this folder
::     and owner or DACL changes on them.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.Windows.SecHealthUI_*_cw5n1h2txyewy\*"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = 
AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch 
[System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": 
$($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Enable removal of system app 'Microsoft.Windows.SecHealthUI' by marking it as "EndOfLife"
:: Create "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife\$CURRENT_USER_SID\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy" registry key
:: Creates the EndOfLife key for this package under the SID of the current account.
::   - "HKLM\..." is rewritten to the provider path "HKLM:\..." and the literal
::     $CURRENT_USER_SID is replaced with the SID obtained by translating
::     $env:USERNAME through NTAccount.
::   - If the key already exists the command exits 0 without changes; otherwise
::     New-Item -Force creates it. A failure is only reported with Write-Error.
:: NOTE(review): $env:USERNAME is the account this elevated process runs as. If
:: elevation happened with a different administrator account than the signed-in
:: user, presumably the key is written for the administrator's SID - verify.
:: Auditing: the presence of this key shows the package was marked as removable.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife\$CURRENT_USER_SID\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; $userSid = (New-Object System.Security.Principal.NTAccount($env:USERNAME)).Translate([Security.Principal.SecurityIdentifier]).Value; $registryPath = $registryPath.Replace('$CURRENT_USER_SID', $userSid); if (Test-Path $registryPath) { Write-Host "^""Skipping, no action needed, registry path `"^""$registryPath`"^"" already exists."^""; exit 0; }; try { New-Item -Path $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully created the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to create the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Uninstall 'Microsoft.Windows.SecHealthUI' Store app
:: Removes the package for the account running this script: Get-AppxPackage is
:: called without -AllUsers, so other user profiles are not touched.
:: If no package matches, nothing is piped to Remove-AppxPackage and the command
:: is a no-op. The exit code is not checked by the visible script.
:: NOTE(review): after removal the Windows Security app is presumably no longer
:: available to this user for viewing protection status - confirm that alerts
:: are still monitored through another channel.
PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.Windows.SecHealthUI' | Remove-AppxPackage"
:: Mark 'Microsoft.Windows.SecHealthUI' as deprovisioned to block reinstall during Windows updates.
:: Create "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy" registry key
:: Creates the Deprovisioned key for this package (machine-wide, under HKLM).
::   - "HKLM\..." is rewritten to the provider path "HKLM:\...".
::   - If the key already exists the command exits 0 without changes; otherwise
::     New-Item -Force creates it. A failure is only reported with Write-Error.
:: Per the script's own description this blocks reinstall during Windows updates.
:: To undo this step the key has to be removed again; the lines visible here
:: contain no revert for it.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; if (Test-Path $registryPath) { Write-Host "^""Skipping, no action needed, registry path `"^""$registryPath`"^"" already exists."^""; exit 0; }; try { New-Item -Path $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully created the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to create the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife\$CURRENT_USER_SID\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy" (Revert 'Microsoft.Windows.SecHealthUI' to its default, non-removable state.)
:: Deletes the per-user EndOfLife key for this package so the marker does not
:: stay behind after the uninstall step.
::   - The SID is obtained by translating $env:USERNAME through NTAccount, i.e.
::     it belongs to the account this elevated process runs as.
::   - Exits 0 when the key is already absent; a Remove-Item failure is only
::     reported with Write-Error.
::   - Test-Path and Remove-Item use -LiteralPath here, so the path is not
::     interpreted as a wildcard pattern.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife\$CURRENT_USER_SID\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; $userSid = (New-Object System.Security.Principal.NTAccount($env:USERNAME)).Translate([Security.Principal.SecurityIdentifier]).Value; $registryPath = $registryPath.Replace('$CURRENT_USER_SID', $userSid); Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Soft delete files matching pattern: "%LOCALAPPDATA%\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\*"  
:: Renames every file in this per-user package data folder to "NAME.OLD"
:: (folders are skipped, nothing is deleted). In this command no privileges are
:: enabled and no ACLs are changed.
:: cmd expands the LOCALAPPDATA variable before PowerShell starts, so the folder
:: is the one of the account this elevated script runs as.
:: $revert is never assigned in this command, so only the "append .OLD" path runs.
:: Review note: "exit 0" in the "file not found" branch ends the whole PowerShell
:: process, so later files are not processed and no summary is printed.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\*"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { 
Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }"
:: Soft delete files matching pattern: "%PROGRAMDATA%\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.SecHealthUI_*_cw5n1h2txyewy\*" with additional permissions 
:: Renames every file under the AppRepository SecHealthUI package folder to
:: "NAME.OLD" (folders are skipped, nothing is deleted), in one PowerShell process:
::   1. Compiles the inline C# class Privileges with Add-Type and enables
::      SeRestorePrivilege and SeTakeOwnershipPrivilege on the process token.
::   2. Collects the matching paths (Get-ChildItem -Recurse, then Get-Item),
::      removes duplicates and sorts them longest path first.
::   3. Per file: keeps a copy of the ACL, sets the owner to the account behind
::      SID S-1-5-32-544 (built-in Administrators) and adds an Allow FullControl
::      rule, renames the file, then writes the saved ACL onto the renamed file.
::   4. Disables both privileges again.
:: $revert is never assigned in this command, so only the "append .OLD" path runs.
:: Review notes:
::   - AddPrivilege and RemovePrivilege overwrite retVal after OpenProcessToken and
::     LookupPrivilegeValue, and the caller pipes the result to Out-Null, so a
::     privilege that could not be changed is not reported. The token handle
::     opened by OpenProcessToken is not closed in the visible code.
::   - "exit 0" in the "file not found" branch ends the whole PowerShell process:
::     later files are not processed, no summary is printed and step 4 is skipped.
::   - If the final Set-Acl fails, only a warning is printed and the renamed file
::     keeps the Administrators owner and FullControl rule.
::   - Artifacts to look for when auditing a host: "*.OLD" files in this folder
::     and owner or DACL changes on them.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%PROGRAMDATA%\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.SecHealthUI_*_cw5n1h2txyewy\*"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            
retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch 
[System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": 
$($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Enable removal of system app 'Microsoft.SecHealthUI' by marking it as "EndOfLife"
:: Create "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife\$CURRENT_USER_SID\Microsoft.SecHealthUI_8wekyb3d8bbwe" registry key
:: Creates the EndOfLife key for this package under the SID of the current account.
::   - "HKLM\..." is rewritten to the provider path "HKLM:\..." and the literal
::     $CURRENT_USER_SID is replaced with the SID obtained by translating
::     $env:USERNAME through NTAccount.
::   - If the key already exists the command exits 0 without changes; otherwise
::     New-Item -Force creates it. A failure is only reported with Write-Error.
:: NOTE(review): $env:USERNAME is the account this elevated process runs as. If
:: elevation happened with a different administrator account than the signed-in
:: user, presumably the key is written for the administrator's SID - verify.
:: Auditing: the presence of this key shows the package was marked as removable.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife\$CURRENT_USER_SID\Microsoft.SecHealthUI_8wekyb3d8bbwe'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; $userSid = (New-Object System.Security.Principal.NTAccount($env:USERNAME)).Translate([Security.Principal.SecurityIdentifier]).Value; $registryPath = $registryPath.Replace('$CURRENT_USER_SID', $userSid); if (Test-Path $registryPath) { Write-Host "^""Skipping, no action needed, registry path `"^""$registryPath`"^"" already exists."^""; exit 0; }; try { New-Item -Path $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully created the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to create the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Uninstall 'Microsoft.SecHealthUI' Store app
:: Removes the package for the account running this script: Get-AppxPackage is
:: called without -AllUsers, so other user profiles are not touched.
:: If no package matches, nothing is piped to Remove-AppxPackage and the command
:: is a no-op. The exit code is not checked by the visible script.
:: NOTE(review): after removal the Windows Security app is presumably no longer
:: available to this user for viewing protection status - confirm that alerts
:: are still monitored through another channel.
PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.SecHealthUI' | Remove-AppxPackage"
:: Mark 'Microsoft.SecHealthUI' as deprovisioned to block reinstall during Windows updates.
:: Create "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.SecHealthUI_8wekyb3d8bbwe" registry key
:: Creates the Deprovisioned key for this package (machine-wide, under HKLM).
::   - "HKLM\..." is rewritten to the provider path "HKLM:\...".
::   - If the key already exists the command exits 0 without changes; otherwise
::     New-Item -Force creates it. A failure is only reported with Write-Error.
:: Per the script's own description this blocks reinstall during Windows updates.
:: To undo this step the key has to be removed again; the lines visible here
:: contain no revert for it.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.SecHealthUI_8wekyb3d8bbwe'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; if (Test-Path $registryPath) { Write-Host "^""Skipping, no action needed, registry path `"^""$registryPath`"^"" already exists."^""; exit 0; }; try { New-Item -Path $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully created the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to create the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife\$CURRENT_USER_SID\Microsoft.SecHealthUI_8wekyb3d8bbwe" (Revert 'Microsoft.SecHealthUI' to its default, non-removable state.)
:: Deletes the per-user EndOfLife key for this package so the marker does not
:: stay behind after the uninstall step.
::   - The SID is obtained by translating $env:USERNAME through NTAccount, i.e.
::     it belongs to the account this elevated process runs as.
::   - Exits 0 when the key is already absent; a Remove-Item failure is only
::     reported with Write-Error.
::   - Test-Path and Remove-Item use -LiteralPath here, so the path is not
::     interpreted as a wildcard pattern.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife\$CURRENT_USER_SID\Microsoft.SecHealthUI_8wekyb3d8bbwe'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; $userSid = (New-Object System.Security.Principal.NTAccount($env:USERNAME)).Translate([Security.Principal.SecurityIdentifier]).Value; $registryPath = $registryPath.Replace('$CURRENT_USER_SID', $userSid); Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------
 
 
:: Disable outdated "Windows Defender Security Center" interface
:: Console banner for the next section. The steps that follow it run as
:: TrustedInstaller and rename (soft-delete) MpUXSrv.exe and an AppID registry key.
echo --- Disable outdated "Windows Defender Security Center" interface
:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\MpUXSrv.exe"  as TrustedInstaller
:: Renames MpUXSrv.exe to "MpUXSrv.exe.OLD" under the TrustedInstaller service
:: account (nothing is deleted). How Invoke-AsTrustedInstaller works:
::   1. Resolves the account name from SID
::      S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464.
::   2. Creates two temp files (New-TemporaryFile): the payload, renamed to .ps1,
::      and a file that receives the payload's output.
::   3. Registers a scheduled task named "privacy.sexy invoke" (the dot is built
::      with [char]0x002E) that starts powershell.exe with -ExecutionPolicy Bypass.
::   4. Starts the task through Schedule.Service RunEx with the resolved account
::      and polls LastTaskResult every 200 ms while it is 267009 (0x41301, task
::      is currently running), for at most 5 minutes.
::   5. Deletes the task, prints the captured output and removes both temp files.
:: Review notes:
::   - The payload is staged in the temp directory of the invoking account and
::     then executed by a more privileged task; confirm that directory is not
::     writable by less privileged processes.
::   - On timeout the loop only breaks; the result check that follows presumably
::     reports the still-running code as a failure.
::   - "exit 0" in the payload's "file not found" branch ends the payload early,
::     before its summary is printed.
:: Artifacts to look for when auditing a host: creation and deletion of the task
:: "privacy.sexy invoke", powershell.exe started with -ExecutionPolicy Bypass
:: -File on a temp .ps1, and "MpUXSrv.exe.OLD" in the Windows Defender folder.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\MpUXSrv.exe"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\AppID\{FDA74D11-C4A6-4577-9F73-D7CA8586E10D} as TrustedInstaller
:: Renames (does not erase) the key HKLM\Software\Classes\AppID\{FDA74D11-C4A6-4577-9F73-D7CA8586E10D},
:: its subkeys and every value by appending ".OLD". The rename script runs under the account that SID
:: S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to (NT SERVICE\TrustedInstaller).
:: Invoke-AsTrustedInstaller stages the script in a temp file renamed to .ps1, registers a scheduled task
:: named "privacy.sexy invoke" (replacing any task of that name), starts it through Schedule.Service RunEx,
:: polls LastTaskResult every 200 ms while it is 267009 (0x41301, task still running) for at most 5 minutes,
:: then deletes the task, prints the captured output and removes both temp files.
:: Rename-KeyTree renames the values first, then recurses into subkeys, then renames the key itself via
:: Copy-Item, Copy-Acl (all descriptor sections except Owner) and Remove-Item of the original.
:: NOTE(review): the staged .ps1 is run with -ExecutionPolicy Bypass as TrustedInstaller; confirm who else
::   can write to the temp directory New-TemporaryFile uses, because the file content is what gets executed.
:: NOTE(review): after a timeout the loop breaks with LastTaskResult still 267009, so the next check reports
::   "Failed, due to exit code: 267009" and the task is deleted; whether the started instance keeps running
::   is not visible here.
:: NOTE(review): a failed key rename leaves its values already renamed; the inner script throws only when
::   every item failed, and the batch file does not test this command's exit status on the lines shown.
:: Audit trail: the task "privacy.sexy invoke" is created and deleted again; renamed keys and values keep
::   the ".OLD" suffix.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\AppID\{FDA74D11-C4A6-4577-9F73-D7CA8586E10D}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{FDA74D11-C4A6-4577-9F73-D7CA8586E10D} as TrustedInstaller
:: Renames (does not erase) the key HKLM\Software\Classes\CLSID\{FDA74D11-C4A6-4577-9F73-D7CA8586E10D},
:: its subkeys and every value by appending ".OLD". The rename script runs under the account that SID
:: S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to (NT SERVICE\TrustedInstaller).
:: Invoke-AsTrustedInstaller stages the script in a temp file renamed to .ps1, registers a scheduled task
:: named "privacy.sexy invoke" (replacing any task of that name), starts it through Schedule.Service RunEx,
:: polls LastTaskResult every 200 ms while it is 267009 (0x41301, task still running) for at most 5 minutes,
:: then deletes the task, prints the captured output and removes both temp files.
:: Rename-KeyTree renames the values first, then recurses into subkeys, then renames the key itself via
:: Copy-Item, Copy-Acl (all descriptor sections except Owner) and Remove-Item of the original; if that
:: removal fails, the fresh ".OLD" copy is removed again and the error is rethrown.
:: NOTE(review): the ACL copy is best effort (a failure only raises a warning), so the ".OLD" key may end
::   up with whatever permissions Copy-Item gave it; check the ACL when restoring from the backup.
:: NOTE(review): the staged .ps1 is run with -ExecutionPolicy Bypass as TrustedInstaller; confirm who else
::   can write to the temp directory New-TemporaryFile uses, because the file content is what gets executed.
:: NOTE(review): the inner script throws only when every item failed; partial failures surface as warnings
::   in the captured output, and the batch file does not test this command's exit status on the lines shown.
:: Audit trail: the task "privacy.sexy invoke" is created and deleted again; renamed keys and values keep
::   the ".OLD" suffix.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{FDA74D11-C4A6-4577-9F73-D7CA8586E10D}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%PROGRAMDATA%\Microsoft\Windows Defender\Platform\*\MPUXAGENT.DLL" as TrustedInstaller
:: Renames each file matching "Microsoft\Windows Defender\Platform\*\MPUXAGENT.DLL" under the ProgramData
:: folder to the same path plus ".OLD" (Move-Item -Force); nothing is erased. The rename script runs under
:: the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to
:: (NT SERVICE\TrustedInstaller).
:: Invoke-AsTrustedInstaller stages the script in a temp file renamed to .ps1, registers a scheduled task
:: named "privacy.sexy invoke" (replacing any task of that name), starts it through Schedule.Service RunEx,
:: polls LastTaskResult every 200 ms while it is 267009 (0x41301, task still running) for at most 5 minutes,
:: then deletes the task, prints the captured output and removes both temp files.
:: Inner script: matches come from Get-Item (ItemNotFoundException is swallowed), are de-duplicated and
:: sorted longest path first; folders and paths already ending in ".OLD" are skipped. $revert is never
:: assigned in this script, so only the non-revert branches run.
:: NOTE(review): the "file not found" branch inside the foreach calls "exit 0", which ends the whole inner
::   script; later matches are then not processed and no summary is printed. "continue" looks intended.
:: NOTE(review): Move-Item -Force presumably replaces an ".OLD" backup left by an earlier run; confirm
::   before relying on the backup for a restore.
:: NOTE(review): presumably cmd.exe expands the PROGRAMDATA variable in this batch line before PowerShell
::   starts, so ExpandEnvironmentVariables receives an already expanded path; verify.
:: NOTE(review): the staged .ps1 is run with -ExecutionPolicy Bypass as TrustedInstaller; confirm who else
::   can write to the temp directory New-TemporaryFile uses, because the file content is what gets executed.
:: Audit trail: the task "privacy.sexy invoke" is created and deleted again; renamed files keep the ".OLD"
::   suffix in the Defender platform folder.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMDATA%\Microsoft\Windows Defender\Platform\*\MPUXAGENT.DLL"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{4DB116D1-9B24-4DFC-946B-BFE03E852002} as TrustedInstaller
:: Renames (does not erase) the key HKLM\SOFTWARE\Classes\CLSID\{4DB116D1-9B24-4DFC-946B-BFE03E852002},
:: its subkeys and every value by appending ".OLD". The rename script runs under the account that SID
:: S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to (NT SERVICE\TrustedInstaller).
:: Invoke-AsTrustedInstaller stages the script in a temp file renamed to .ps1, registers a scheduled task
:: named "privacy.sexy invoke" (replacing any task of that name), starts it through Schedule.Service RunEx,
:: polls LastTaskResult every 200 ms while it is 267009 (0x41301, task still running) for at most 5 minutes,
:: then deletes the task, prints the captured output and removes both temp files.
:: Rename-KeyTree renames the values first, then recurses into subkeys, then renames the key itself via
:: Copy-Item, Copy-Acl (all descriptor sections except Owner) and Remove-Item of the original. When the
:: ".OLD" name is already taken, further ".OLD" suffixes are appended until the name is free.
:: NOTE(review): the staged .ps1 is run with -ExecutionPolicy Bypass as TrustedInstaller; confirm who else
::   can write to the temp directory New-TemporaryFile uses, because the file content is what gets executed.
:: NOTE(review): after a timeout the loop breaks with LastTaskResult still 267009, so the next check reports
::   "Failed, due to exit code: 267009" and the task is deleted; whether the started instance keeps running
::   is not visible here.
:: NOTE(review): the inner script throws only when every item failed, and the batch file does not test this
::   command's exit status on the lines shown.
:: Audit trail: the task "privacy.sexy invoke" is created and deleted again; renamed keys and values keep
::   the ".OLD" suffix.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{4DB116D1-9B24-4DFC-946B-BFE03E852002}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{2DCD7FDB-8809-48E4-8E4F-3157C57CF987} as TrustedInstaller
:: Renames (does not erase) the key HKLM\SOFTWARE\Classes\CLSID\{2DCD7FDB-8809-48E4-8E4F-3157C57CF987},
:: its subkeys and every value by appending ".OLD". The rename script runs under the account that SID
:: S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to (NT SERVICE\TrustedInstaller).
:: Invoke-AsTrustedInstaller stages the script in a temp file renamed to .ps1, registers a scheduled task
:: named "privacy.sexy invoke" (replacing any task of that name), starts it through Schedule.Service RunEx,
:: polls LastTaskResult every 200 ms while it is 267009 (0x41301, task still running) for at most 5 minutes,
:: then deletes the task, prints the captured output and removes both temp files.
:: Rename-KeyTree renames the values first, then recurses into subkeys, then renames the key itself via
:: Copy-Item, Copy-Acl (all descriptor sections except Owner) and Remove-Item of the original. The hive
:: prefix of $rawPath is turned into a PowerShell drive path ("HKLM" becomes "HKLM:") before the walk.
:: NOTE(review): the staged .ps1 is run with -ExecutionPolicy Bypass as TrustedInstaller; confirm who else
::   can write to the temp directory New-TemporaryFile uses, because the file content is what gets executed.
:: NOTE(review): a failed key rename leaves its values already renamed; the inner script throws only when
::   every item failed, and the batch file does not test this command's exit status on the lines shown.
:: Audit trail: the task "privacy.sexy invoke" is created and deleted again; renamed keys and values keep
::   the ".OLD" suffix.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{2DCD7FDB-8809-48E4-8E4F-3157C57CF987}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\AppUserModelId\Windows.Defender.MpUxDlp 
:: Renames (does not erase) the key HKLM\SOFTWARE\Classes\AppUserModelId\Windows.Defender.MpUxDlp, its
:: subkeys and every value by appending ".OLD". Unlike the neighbouring commands this one has no
:: Invoke-AsTrustedInstaller wrapper: the code runs directly in the PowerShell process this batch file starts.
:: Rename-KeyTree renames the values first, then recurses into subkeys, then renames the key itself via
:: Copy-Item, Copy-Acl (all descriptor sections except Owner) and Remove-Item of the original; if that
:: removal fails, the fresh ".OLD" copy is removed again and the error is rethrown. When the ".OLD" name
:: is already taken, further ".OLD" suffixes are appended until the name is free.
:: Counters: $global:ok, $global:skip and $global:fail are summed into the "Total items" line; a missing
:: key counts as one skip and ends with "No items were processed".
:: NOTE(review): the ACL copy is best effort (a failure only raises a warning), so the ".OLD" key may end
::   up with whatever permissions Copy-Item gave it; check the ACL when restoring from the backup.
:: NOTE(review): a failed key rename leaves its values already renamed; the script throws only when every
::   item failed, and the batch file does not test this command's exit status on the lines shown.
:: Audit trail: renamed keys and values keep the ".OLD" suffix.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKLM\SOFTWARE\Classes\AppUserModelId\Windows.Defender.MpUxDlp'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 'Successfully renamed.'; 
$global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
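:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\AppID\{1111a26d-ef95-4a45-9f55-21e52adf9887} as TrustedInstaller
:: "As TrustedInstaller" is implemented by Invoke-AsTrustedInstaller: the embedded script is written to a temporary .ps1 file, a scheduled task named "privacy.sexy invoke" is registered and started under the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to, and its output is read back from a second temporary file.
:: The task and both temporary files are removed in finally blocks, so afterwards the run is visible only in whatever Task Scheduler and process-creation logging is enabled on the machine.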
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\AppID\{1111a26d-ef95-4a45-9f55-21e52adf9887}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
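:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\mpuxhostproxy.dll" as TrustedInstaller
:: Each match is renamed by appending ".OLD" (Move-Item -Force); folders and names that already end in ".OLD" are skipped.
:: NOTE(review): $revert is never assigned in the embedded script, so only the rename-to-.OLD branch can run, and the "not found" branch inside the loop calls exit 0, which ends the whole embedded script instead of continuing with the next match.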
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\mpuxhostproxy.dll"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
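:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{13F6A0B6-57AF-4BA7-ACAA-614BC89CA9D8} as TrustedInstaller
:: The caller polls the task every 200 ms while LastTaskResult is 267009 (0x41301, the Task Scheduler "task is currently running" code) and gives up after 5 minutes; on timeout the loop only stops waiting, and the still-running result is then reported as a failure exit code.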
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{13F6A0B6-57AF-4BA7-ACAA-614BC89CA9D8}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
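:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{94F35585-C5D7-4D95-BA71-A745AE76E2E2} as TrustedInstaller
:: If a key with the ".OLD" name already exists, further ".OLD" suffixes are appended until the name is free, so a key that was re-created and soft-deleted again leaves several generations (".OLD", ".OLD.OLD", ...) side by side.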
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{94F35585-C5D7-4D95-BA71-A745AE76E2E2}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable prevention of users and apps from accessing dangerous websites
echo --- Disable prevention of users and apps from accessing dangerous websites
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection!EnableNetworkProtection"
:: Writes EnableNetworkProtection = 1 as a REG_DWORD under the Defender Exploit Guard policy key; /f overwrites existing data without prompting.
:: NOTE(review): Microsoft documents 0 as disabled, 1 as enabled (block mode) and 2 as audit mode for this value, so the data written here appears to leave network protection enforced, which does not match the "Disable ..." title of this step. Confirm against the policy reference.
:: $registryPath is assigned but never read; the key path is repeated literally in the reg add call.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection' /v 'EnableNetworkProtection' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Disable controlled folder access-------------
:: ----------------------------------------------------------
echo --- Disable controlled folder access
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access!EnableControlledFolderAccess"
:: Writes EnableControlledFolderAccess = 0 as a REG_DWORD under the Defender Exploit Guard policy key; /f overwrites existing data without prompting.
:: NOTE(review): 0 is presumably the documented "disabled" state of controlled folder access; confirm against the policy reference. The resulting state can be read back with reg query on the same key and value name.
:: $registryPath is assigned but never read; the key path is repeated literally in the reg add call.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access' /v 'EnableControlledFolderAccess' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable "ExploitGuard MDM policy Refresh" task------
:: ----------------------------------------------------------
echo --- Disable "ExploitGuard MDM policy Refresh" task
:: Disable scheduled task(s): `\Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh`
:: Looks up scheduled tasks under \Microsoft\Windows\ExploitGuard\ named "ExploitGuard MDM policy Refresh" (lookup errors are ignored) and disables each one that is not already disabled.
:: Exit codes: 0 when nothing matched, 1 when at least one Disable-ScheduledTask call failed; per-task failures are written with Write-Error and the loop continues with the next task.
:: The tasks are disabled, not deleted, so their definitions stay registered in Task Scheduler.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\ExploitGuard\'; $taskNamePattern='ExploitGuard MDM policy Refresh'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------Disable Defender Application Guard isolation-------
:: ----------------------------------------------------------
echo --- Disable Defender Application Guard isolation
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\AppHVSI!AllowAppHVSI_ProviderSet"
:: Writes AllowAppHVSI_ProviderSet = 0 (REG_DWORD) under HKLM\SOFTWARE\Policies\Microsoft\AppHVSI, overwriting any existing value (/f).
:: $registryPath is assigned but not used afterwards.
:: NOTE(review): the section banner describes this as turning off Application Guard isolation.
:: Content that would have opened in the isolated container presumably opens on the host afterwards; confirm against the policy documentation.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\AppHVSI'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\AppHVSI' /v 'AllowAppHVSI_ProviderSet' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -Disable Defender Application Guard remote configuration--
:: ----------------------------------------------------------
echo --- Disable Defender Application Guard remote configuration
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{F80FC80C-6A04-46FB-8555-D769E334E9FC} as TrustedInstaller
:: Invoke-AsTrustedInstaller (defined inline) does the following:
::   - resolves SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 to an account name
::     (the comment preceding this command identifies it as TrustedInstaller);
::   - writes the payload to a temporary .ps1 file and registers a scheduled task named "privacy.sexy invoke"
::     that runs it with powershell.exe -ExecutionPolicy Bypass, sending all output streams to a second temporary file;
::   - starts the task through the Schedule.Service COM object under that account, then polls LastTaskResult
::     every 200 ms while it equals 267009, giving up with a warning after 5 minutes;
::   - deletes the task and both temporary files in finally blocks and prints the captured output.
:: The payload ($cmd) renames every value under the target key to "name.OLD", recurses into subkeys, then copies
:: the key to "path.OLD" (appending .OLD again while that name exists), copies the ACL without the owner section,
:: and removes the original key. A missing key and already-suffixed items are counted as skipped.
:: NOTE(review): the payload file sits in the caller's temp directory between being written and being run under
:: the more privileged account, so its integrity depends on that directory's permissions.
:: The task name, the .OLD registry suffix and Task Scheduler registration events are the artefacts to look for in an investigation.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{F80FC80C-6A04-46FB-8555-D769E334E9FC}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\WOW6432Node\CLSID\{F80FC80C-6A04-46FB-8555-D769E334E9FC} as TrustedInstaller
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Version gate: maps 'Windows11-FirstRelease' to build 10.0.22000 and exits 0 when the running OS version
:: (Major.Minor.Build) is lower; an unknown version name throws.
:: Past the gate, Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a scheduled task
:: named "privacy.sexy invoke", runs it through the Schedule.Service COM object under the account resolved from
:: SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464, waits up to 5 minutes while LastTaskResult
:: is 267009, then deletes the task and the temporary files and prints the captured output.
:: The payload renames values and subkeys of the WOW6432Node CLSID key to ".OLD" names, copies each key with its ACL
:: (owner section excluded) to the new name and removes the original.
:: NOTE(review): the payload is executed with -ExecutionPolicy Bypass from the caller's temp directory under a more
:: privileged account; the scheduled task name and the .OLD suffix are the traces this step leaves for an investigator.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        
Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\WOW6432Node\CLSID\{F80FC80C-6A04-46FB-8555-D769E334E9FC}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            
$global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. 
All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\windowsdefenderapplicationguardcsp.dll" with additional permissions 
:: Renames System32\windowsdefenderapplicationguardcsp.dll to the same name with ".OLD" appended (soft delete).
:: Steps visible in the command:
::   - Add-Type compiles an inline C# class, Privileges, that calls AdjustTokenPrivileges on the current process token;
::     it enables SeRestorePrivilege and SeTakeOwnershipPrivilege and clears them again at the end.
::   - For each match the original ACL is saved, the owner is set to the account for SID S-1-5-32-544 and that
::     account is granted FullControl; the file is moved with Move-Item -Force and the saved ACL is re-applied
::     to the moved file, or to the original if the move failed.
::   - $revert is never assigned in this command, so the revert branches are not taken here.
:: NOTE(review): AddPrivilege returns only the result of its last call and the caller discards it with Out-Null,
:: so a failure to enable a privilege shows up only later as a Set-Acl or Move-Item error.
:: NOTE(review): a renamed system DLL plus a temporary owner and ACL change on it is the kind of event
:: file-integrity monitoring is meant to surface; the .OLD name is what to search for.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\windowsdefenderapplicationguardcsp.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, 
ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --Disable auditing events in Defender Application Guard---
:: ----------------------------------------------------------
echo --- Disable auditing events in Defender Application Guard
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\AppHVSI!AuditApplicationGuard"
:: Writes AuditApplicationGuard = 0 (REG_DWORD) under HKLM\SOFTWARE\Policies\Microsoft\AppHVSI, overwriting any existing value (/f).
:: $registryPath is assigned but not used afterwards.
:: NOTE(review): per the section banner this turns Application Guard audit events off, which presumably removes
:: those events from what a SOC can collect; confirm against the policy documentation before relying on either state.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\AppHVSI'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\AppHVSI' /v 'AuditApplicationGuard' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: Disable Defender Antivirus "Block at First Sight" feature-
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus "Block at First Sight" feature
:: Sets the Defender preference DisableBlockAtFirstSeen to $True through Set-MpPreference.
:: Flow: exit 0 if Get-MpPreference already reports that value; exit 0 if Set-MpPreference is missing or lacks the
:: parameter; otherwise apply the setting. Error 0x800106ba is reported as the Defender service (WinDefend) not
:: running and a "Cannot convert" error as an unsupported argument, both with exit 0; any other error exits 1.
:: NOTE(review): the setting is applied twice, once through Invoke-Expression and once through a direct
:: Set-MpPreference call. The Invoke-Expression string is built only from $command.Name and the literal property
:: name, so no outside input reaches it here.
:: NOTE(review): a change of this preference is a useful tamper indicator when reviewing Defender configuration drift.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableBlockAtFirstSeen'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableBlockAtFirstSeen $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet!DisableBlockAtFirstSeen"
:: Writes DisableBlockAtFirstSeen = 1 (REG_DWORD) under the Defender SpyNet policy key, overwriting any existing value (/f).
:: $registryPath is assigned but not used afterwards.
:: NOTE(review): being a Policies key, this value is presumably what a group-policy audit would report; verify it there.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet' /v 'DisableBlockAtFirstSeen' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\Software\Microsoft\Windows Defender\SpyNet!DisableBlockAtFirstSeen"
:: Runs a reg add of DisableBlockAtFirstSeen = 1 (REG_DWORD) on HKLM\Software\Microsoft\Windows Defender\SpyNet
:: through Invoke-AsTrustedInstaller instead of directly.
:: The helper writes the payload to a temporary .ps1 file, registers a scheduled task named "privacy.sexy invoke",
:: starts it through the Schedule.Service COM object under the account resolved from
:: SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464, waits up to 5 minutes while LastTaskResult
:: is 267009, then deletes the task and the temporary files and prints the captured output.
:: NOTE(review): this is a write to Defender's own, non-policy configuration key under a service identity.
:: The short-lived scheduled task and the changed value are the traces to look for when auditing for this change.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\Software\Microsoft\Windows Defender\SpyNet'''+"^""`r`n"^""+'$data =  ''1'''+"^""`r`n"^""+'reg add 
''HKLM\Software\Microsoft\Windows Defender\SpyNet'' `'+"^""`r`n"^""+'    /v ''DisableBlockAtFirstSeen'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: Disable Defender Antivirus "Extended Cloud Check" feature-
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus "Extended Cloud Check" feature
:: Sets the Defender preference CloudExtendedTimeout to '50' through Set-MpPreference.
:: Flow: exit 0 if Get-MpPreference already reports that value; exit 0 if Set-MpPreference is missing or lacks the
:: parameter; otherwise apply the setting. Error 0x800106ba is reported as the Defender service (WinDefend) not
:: running and a "Cannot convert" error as an unsupported argument, both with exit 0; any other error exits 1.
:: NOTE(review): the setting is applied twice, once through Invoke-Expression (built from constant strings only)
:: and once through a direct Set-MpPreference call.
:: NOTE(review): the banner says "Disable" while the value written is 50, not 0; what 50 means for this
:: preference is not shown in this file, so confirm the resulting state against the Defender documentation.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'CloudExtendedTimeout'; $value = '50'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -CloudExtendedTimeout $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine!MpBafsExtendedTimeout"
:: Writes MpBafsExtendedTimeout = 50 (REG_DWORD) under the Defender MpEngine policy key, overwriting any existing value (/f).
:: $registryPath is assigned but not used afterwards.
:: NOTE(review): 50 matches the value passed to Set-MpPreference in this section; what it means for the
:: timeout is not visible here, so verify the effective setting rather than trusting the banner.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine'; $data =  '50'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine' /v 'MpBafsExtendedTimeout' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine!MpBafsExtendedTimeout"
:: Writes MpBafsExtendedTimeout = 50 (REG_DWORD) under the non-policy key HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine (/f).
:: $registryPath is assigned but not used afterwards.
:: NOTE(review): the exit status of reg add is not checked, so a refused write is visible only in the console output;
:: read the value back when auditing what this step actually changed.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine'; $data =  '50'; reg add 'HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine' /v 'MpBafsExtendedTimeout' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --Disable Defender Antivirus aggressive cloud protection--
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus aggressive cloud protection
:: Sets the Defender preference CloudBlockLevel to '0' through Set-MpPreference.
:: Flow: exit 0 if Get-MpPreference already reports that value; exit 0 if Set-MpPreference is missing or lacks the
:: parameter; otherwise apply the setting. Error 0x800106ba is reported as the Defender service (WinDefend) not
:: running and a "Cannot convert" error as an unsupported argument, both with exit 0; any other error exits 1.
:: NOTE(review): the setting is applied twice, once through Invoke-Expression (built from constant strings only)
:: and once through a direct Set-MpPreference call.
:: NOTE(review): the registry steps that follow in this section write 0 to the policy key but 2 to the non-policy
:: key, so the three writes do not agree; check the effective value with Get-MpPreference when auditing.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'CloudBlockLevel'; $value = '0'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -CloudBlockLevel $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine!MpCloudBlockLevel"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine' /v 'MpCloudBlockLevel' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine!MpCloudBlockLevel"
:: NOTE(review): this stores 2 in the Defender product key, while the
:: Set-MpPreference call and the Policies key earlier in this section store 0
:: for the same setting. For CloudBlockLevel, 2 means High and 0 means Default;
:: assuming the registry value uses the same scale, this write contradicts the
:: section title. Confirm which value is intended.
:: Unlike the Spynet product-key writes later in this file, this one is not
:: routed through Invoke-AsTrustedInstaller -- TODO confirm it succeeds when
:: run as a plain administrator.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine'; $data =  '2'; reg add 'HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine' /v 'MpCloudBlockLevel' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---Disable Defender Antivirus cloud-based notifications---
:: ----------------------------------------------------------
:: Review notes:
::  - Writes SignatureDisableNotification = 0 under two Policies keys, the
::    "Windows Defender" one and the "Microsoft Antimalware" one.
::  - Both are policy locations, so a Group Policy or MDM refresh that manages
::    the same setting can overwrite them; compare against the managed baseline.
::  - The "reg add" exit codes are not checked by the batch file.
echo --- Disable Defender Antivirus cloud-based notifications
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureDisableNotification"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates' /v 'SignatureDisableNotification' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Microsoft Antimalware\Signature Updates!SignatureDisableNotification"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Microsoft Antimalware\Signature Updates'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Microsoft Antimalware\Signature Updates' /v 'SignatureDisableNotification' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --Disable Defender Antivirus cloud protection reporting---
:: ----------------------------------------------------------
:: Review notes:
::  - MAPSReporting = 0 turns cloud protection (MAPS) membership off; 1 is basic
::    and 2 is advanced membership.
::  - The product-key write (Spynet!SpyNetReporting) goes through
::    Invoke-AsTrustedInstaller: the payload is saved as a .ps1 created by
::    New-TemporaryFile, a scheduled task named "privacy.sexy invoke" is
::    registered, started as the TrustedInstaller service account with
::    -ExecutionPolicy Bypass, polled for up to 5 minutes, then removed together
::    with the temporary files.
::  - NOTE(review): between Out-File and task start the payload sits in the
::    caller's temp directory and is executed without an integrity check.
::  - For monitoring: the helper leaves scheduled-task creation and deletion
::    records (Security events 4698 and 4699 when task auditing is enabled).
echo --- Disable Defender Antivirus cloud protection reporting
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'MAPSReporting'; $value = '0'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -MAPSReporting $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows Defender\Spynet!SpyNetReporting"
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows Defender\Spynet'''+"^""`r`n"^""+'$data =  ''0'''+"^""`r`n"^""+'reg add 
''HKLM\SOFTWARE\Microsoft\Windows Defender\Spynet'' `'+"^""`r`n"^""+'    /v ''SpyNetReporting'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet!LocalSettingOverrideSpynetReporting"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet' /v 'LocalSettingOverrideSpynetReporting' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet!SpynetReporting"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet' /v 'SpynetReporting' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable Defender Antivirus automatic file submission to Microsoft
:: Review notes:
::  - SubmitSamplesConsent = 2 means "never send"; 0 always prompts, 1 sends
::    safe samples automatically, 3 sends all samples automatically.
::  - The value is written three ways: Set-MpPreference, the Policies key, and
::    the product key through the Invoke-AsTrustedInstaller scheduled-task helper.
::  - The helper uses the fixed task name "privacy.sexy invoke" and deletes any
::    existing task of that name before registering its own.
echo --- Disable Defender Antivirus automatic file submission to Microsoft
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'SubmitSamplesConsent'; $value = '2'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -SubmitSamplesConsent $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet!SubmitSamplesConsent"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet' /v 'SubmitSamplesConsent' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows Defender\Spynet!SubmitSamplesConsent"
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows Defender\Spynet'''+"^""`r`n"^""+'$data =  ''2'''+"^""`r`n"^""+'reg add 
''HKLM\SOFTWARE\Microsoft\Windows Defender\Spynet'' `'+"^""`r`n"^""+'    /v ''SubmitSamplesConsent'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable Defender Antivirus real-time security intelligence updates
:: Review notes:
::  - The only change in this section is the policy value
::    RealtimeSignatureDelivery = 0; scheduled signature updates are not
::    touched here.
::  - Presumably this stops signature updates triggered by MAPS reports --
::    confirm against the policy documentation for the target Windows build.
echo --- Disable Defender Antivirus real-time security intelligence updates
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!RealtimeSignatureDelivery"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates' /v 'RealtimeSignatureDelivery' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Disable System Guard startup verification---------
:: ----------------------------------------------------------
:: Review notes:
::  - ConfigureSystemGuardLaunch = 2 is the "Disabled" choice of the Secure
::    Launch policy (1 is "Enabled"); the second write sets the Enabled value of
::    the SystemGuard scenario under CurrentControlSet to 0.
::  - Presumably takes effect at the next boot -- TODO confirm.
::  - Device-health attestation or compliance checks that expect System Guard
::    Secure Launch may report the change.
echo --- Disable System Guard startup verification
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard!ConfigureSystemGuardLaunch"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' /v 'ConfigureSystemGuardLaunch' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard!Enabled"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard'; $data =  '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------Disable System Guard sandbox monitoring----------
:: ----------------------------------------------------------
:: Review notes (four separate mechanisms target SgrmLpac.exe):
::  1. Rename to "SgrmLpac.exe.OLD" in System32 (builds up to 10.0.22000) or in
::     System32\Sgrm (builds from 10.0.22621). The System32 variant takes
::     ownership, grants Administrators full control, moves the file, then
::     restores the saved ACL.
::  2. taskkill /f on any running instance.
::  3. An Image File Execution Options "Debugger" value for the image name.
::  4. A per-user DisallowRun entry under HKCU, which covers launches from
::     File Explorer for the current user only.
::  - $revert is never assigned inside these commands, so the rename always
::    takes the forward (append ".OLD") branch here.
::  - In the System32 variant, the "file not found" branch inside the loop calls
::    "exit 0", which ends the command before any remaining files and the
::    RemovePrivilege calls are reached.
::  - For monitoring: IFEO Debugger values and renamed System32 binaries are
::    standard tamper indicators (ATT&CK T1546.012, T1562.001).
echo --- Disable System Guard sandbox monitoring
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\SgrmLpac.exe" with additional permissions 
:: This operation will not run on Windows versions later than Windows11-21H2.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\SgrmLpac.exe"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int 
TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object 
System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant 
rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\Sgrm\SgrmLpac.exe"  
:: This operation will not run on Windows versions earlier than Windows11-22H2.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\Sgrm\SgrmLpac.exe"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not 
$path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }"
:: Check and terminate the running process "SgrmLpac.exe"
tasklist /fi "ImageName eq SgrmLpac.exe" /fo csv 2>NUL | find /i "SgrmLpac.exe">NUL && (
    echo SgrmLpac.exe is running and will be killed.
    taskkill /f /im SgrmLpac.exe
) || (
    echo Skipping, SgrmLpac.exe is not running.
)
:: Configure termination of "SgrmLpac.exe" immediately upon its startup
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SgrmLpac.exe!Debugger"
:: With a "Debugger" value set, Windows starts the named debugger and passes
:: the original image path to it instead of starting SgrmLpac.exe itself;
:: pointing it at taskkill.exe means the image never runs.
:: cmd expands the SYSTEMROOT reference before PowerShell starts, so the REG_SZ
:: data is stored as an absolute path.
:: NOTE(review): IFEO Debugger values are a well-known hijack location; expect
:: EDR or Sysmon registry rules to flag this key, and document it as an
:: expected change on managed hosts.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SgrmLpac.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SgrmLpac.exe' /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Add a rule to prevent the executable "SgrmLpac.exe" from running via File Explorer
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='SgrmLpac.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
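:: Turns on the Explorer "DisallowRun" policy for the current user (HKCU):
:: creates the value when it is missing, leaves it alone when it is already 1,
:: otherwise overwrites it with 1. Exits 1 on any registry error.
:: The "Updating ..." message is a double-quoted PowerShell string so that the
:: previous value is printed; in a single-quoted string the variable name and
:: the backticks would be printed literally.
:: The policy is per-user and only applies to programs started from Explorer.
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output "^""Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^""."^""; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"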
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable System Guard kernel monitoring----------
:: ----------------------------------------------------------
echo --- Disable System Guard kernel monitoring
:: Disable service(s): `SgrmAgent`
:: This operation will not run on Windows versions later than Windows11-21H2.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $serviceName = 'SgrmAgent'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. 
Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: Disable service(s): `SgrmAgent`
:: This operation will not run on Windows versions earlier than Windows11-22H2.
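:: Runs an inline PowerShell script that disables the `SgrmAgent` service.
:: The script exits with 0 and changes nothing when the OS build (major.minor.build
:: taken from [Environment]::OSVersion) is below 10.0.22621, when Get-Service finds
:: no such service, or when the startup type already reads `Disabled`.
:: A running service is stopped first; a failed stop only produces a warning.
:: The startup type is read from the service object and falls back to two
:: Win32_Service WMI lookups when that property is empty.
:: A failed Set-Service is reported with Write-Error; there is no explicit Exit 1
:: on that path.
:: The whole command has to stay on one physical line, because cmd ends the
:: command at the first line break.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $serviceName = 'SgrmAgent'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"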
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\drivers\SgrmAgent.sys" with additional permissions 
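:: Renames %SYSTEMROOT%\System32\drivers\SgrmAgent.sys to SgrmAgent.sys.OLD (soft delete).
:: Steps performed by the inline PowerShell script:
::   1. Compiles a small C# helper class (Privileges) with Add-Type and uses it to
::      enable SeRestorePrivilege and SeTakeOwnershipPrivilege on the process token.
::   2. Resolves the pattern with Get-Item and exits 0 when nothing matches.
::   3. For each file: saves the current ACL, sets the owner to the built-in
::      Administrators group (SID S-1-5-32-544), adds a FullControl allow rule,
::      renames the file with Move-Item -Force, then re-applies the saved ACL to the
::      renamed file, or to the original file when the rename failed.
::   4. Prints the counters and disables both privileges again.
:: $revert is never assigned in this command, so the revert branches are not taken.
:: The results of AddPrivilege and RemovePrivilege are discarded with Out-Null; a
:: privilege that could not be enabled only shows up later as a failed Set-Acl or
:: Move-Item.
:: A file that no longer exists when its turn comes is skipped with `continue`, so
:: the remaining items, the summary and the privilege cleanup still run.
:: The whole command has to stay on one physical line.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\drivers\SgrmAgent.sys"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"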
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable System Guard communication hub----------
:: ----------------------------------------------------------
echo --- Disable System Guard communication hub
:: Disable the service `SgrmBroker` 
:: This operation will not run on Windows versions later than Windows11-21H2.
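:: Runs an inline PowerShell script that disables the `SgrmBroker` service through
:: the registry, for Windows builds up to 10.0.22000.
:: The script exits with 0 and changes nothing when the OS build (major.minor.build)
:: is above 10.0.22000, when Get-Service finds no such service, when the service
:: key is missing under HKLM:\SYSTEM\CurrentControlSet\Services, or when its
:: `Start` value is already 4.
:: A running service is asked to stop with Stop-Service -Force and NoWait; because
:: of NoWait the "Stopped" message may be printed before the service has actually
:: stopped. A failed stop only produces a warning.
:: The service is disabled by writing Start = 4; a failure there exits with 1.
:: NOTE(review): per this section's title the target is a System Guard component,
:: i.e. a Windows security feature; confirm that turning it off is an accepted
:: trade-off on managed machines.
:: The whole command has to stay on one physical line.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $serviceQuery = 'SgrmBroker'; $stopWithDependencies= $false; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""; Exit 0; }; $serviceName = $service.Name; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""; try { Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""; $stopParams = @{ Name = $ServiceName; Force = $true; ErrorAction = 'Stop'; }; if (-not $stopWithDependencies) { $stopParams['NoWait'] = $true; }; Stop-Service @stopParams; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { if ($_.FullyQualifiedErrorId -eq 'CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand') { Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""; } else { Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""; }; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if service info is not found in registry #>; $registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""; if (-Not (Test-Path $registryKey)) { Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot disable it."^""; Exit 0; }; <# -- 4. Skip if already disabled #>; if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) { Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""; Exit 0; }; <# -- 5. Disable service #>; try { Set-ItemProperty -LiteralPath $registryKey -Name "^""Start"^"" -Value 4 -ErrorAction Stop; Write-Host 'Successfully disabled the service. It will not start automatically on next boot.'; } catch { Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""; Exit 1; }"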
:: Disable the service `SgrmBroker` 
:: This operation will not run on Windows versions earlier than Windows11-22H2.
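:: Runs an inline PowerShell script that disables the `SgrmBroker` service through
:: the registry, for Windows builds from 10.0.22621 on.
:: The script exits with 0 and changes nothing when the OS build (major.minor.build)
:: is below 10.0.22621, when Get-Service finds no such service, when the service
:: key is missing under HKLM:\SYSTEM\CurrentControlSet\Services, or when its
:: `Start` value is already 4.
:: A running service is asked to stop with Stop-Service -Force and NoWait; because
:: of NoWait the "Stopped" message may be printed before the service has actually
:: stopped. A failed stop only produces a warning.
:: The service is disabled by writing Start = 4; a failure there exits with 1.
:: The whole command has to stay on one physical line.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $serviceQuery = 'SgrmBroker'; $stopWithDependencies= $false; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""; Exit 0; }; $serviceName = $service.Name; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""; try { Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""; $stopParams = @{ Name = $ServiceName; Force = $true; ErrorAction = 'Stop'; }; if (-not $stopWithDependencies) { $stopParams['NoWait'] = $true; }; Stop-Service @stopParams; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { if ($_.FullyQualifiedErrorId -eq 'CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand') { Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""; } else { Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""; }; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if service info is not found in registry #>; $registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""; if (-Not (Test-Path $registryKey)) { Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot disable it."^""; Exit 0; }; <# -- 4. Skip if already disabled #>; if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) { Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""; Exit 0; }; <# -- 5. Disable service #>; try { Set-ItemProperty -LiteralPath $registryKey -Name "^""Start"^"" -Value 4 -ErrorAction Stop; Write-Host 'Successfully disabled the service. It will not start automatically on next boot.'; } catch { Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""; Exit 1; }"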
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\SgrmBroker.exe" with additional permissions 
:: This operation will not run on Windows versions later than Windows11-21H2.
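:: Renames %SYSTEMROOT%\System32\SgrmBroker.exe to SgrmBroker.exe.OLD (soft delete)
:: on Windows builds up to 10.0.22000; on a newer build the script exits 0 at once.
:: Steps performed by the inline PowerShell script:
::   1. Compiles a small C# helper class (Privileges) with Add-Type and uses it to
::      enable SeRestorePrivilege and SeTakeOwnershipPrivilege on the process token.
::   2. Resolves the pattern with Get-Item and exits 0 when nothing matches.
::   3. For each file: saves the current ACL, sets the owner to the built-in
::      Administrators group (SID S-1-5-32-544), adds a FullControl allow rule,
::      renames the file with Move-Item -Force, then re-applies the saved ACL to the
::      renamed file, or to the original file when the rename failed.
::   4. Prints the counters and disables both privileges again.
:: $revert is never assigned in this command, so the revert branches are not taken.
:: The results of AddPrivilege and RemovePrivilege are discarded with Out-Null; a
:: privilege that could not be enabled only shows up later as a failed Set-Acl or
:: Move-Item.
:: A file that no longer exists when its turn comes is skipped with `continue`, so
:: the remaining items, the summary and the privilege cleanup still run.
:: The whole command has to stay on one physical line.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\SgrmBroker.exe"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"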
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\Sgrm\SgrmBroker.exe"  
:: This operation will not run on Windows versions earlier than Windows11-22H2.
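:: Renames %SYSTEMROOT%\System32\Sgrm\SgrmBroker.exe to SgrmBroker.exe.OLD (soft
:: delete) on Windows builds from 10.0.22621 on; on an older build the script
:: exits 0 at once.
:: Unlike the "with additional permissions" variants, this command changes neither
:: token privileges nor the file's ACL; it relies on the rights the elevated
:: process already has and reports a failed Move-Item with Write-Error.
:: The pattern is resolved with Get-Item; when nothing matches the script exits 0.
:: $revert is never assigned in this command, so the revert branches are not taken.
:: A file that no longer exists when its turn comes is skipped with `continue`, so
:: the remaining items and the summary still run.
:: The whole command has to stay on one physical line.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\Sgrm\SgrmBroker.exe"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }"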
:: Check and terminate the running process "SgrmBroker.exe"
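:: Terminates SgrmBroker.exe if it is currently running.
:: tasklist output is piped to find, and find's exit code tells whether the image
:: name is listed. The check and the kill are separate statements so that a
:: failed taskkill is not followed by the "not running" message, which is what
:: happens when the two branches are chained on a single success-or-failure test.
tasklist /fi "ImageName eq SgrmBroker.exe" /fo csv 2>NUL | find /i "SgrmBroker.exe">NUL
if errorlevel 1 (
    echo Skipping, SgrmBroker.exe is not running.
) else (
    echo SgrmBroker.exe is running and will be killed.
    taskkill /f /im SgrmBroker.exe
)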
:: Configure termination of "SgrmBroker.exe" immediately upon its startup
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SgrmBroker.exe!Debugger"
:: Registers taskkill.exe as the Image File Execution Options `Debugger` value
:: for SgrmBroker.exe, using `reg add` with /f (an existing value is overwritten).
:: %SYSTEMROOT% is expanded by cmd before PowerShell receives the command.
:: $registryPath is assigned but not used; `reg add` repeats the key literally.
:: NOTE(review): the exit code of `reg add` is not checked here.
:: NOTE(review): Debugger values under Image File Execution Options are a location
:: that endpoint-security tooling commonly monitors; expect this write to show up
:: in such telemetry and record it for whoever triages those alerts.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SgrmBroker.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SgrmBroker.exe' /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Add a rule to prevent the executable "SgrmBroker.exe" from running via File Explorer
:: Adds SgrmBroker.exe to the Explorer DisallowRun list of the current user.
:: The script reads the existing values under
:: HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun,
:: exits 0 if one of them already equals the file name, otherwise picks the lowest
:: positive integer not yet used as a value name, creates the key if it is
:: missing and writes the file name as a String value under that index.
:: Any error is reported with Write-Error and ends the script with exit code 1.
:: NOTE(review): this is an HKCU setting, so it applies to the account the elevated
:: script runs as; if elevation used a different account than the logged-on user,
:: the rule lands in that other profile - confirm.
:: NOTE(review): the backtick before -ErrorAction looks like a leftover line
:: continuation from a multi-line form of this script; confirm it is harmless.
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='SgrmBroker.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
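:: Turns on the Explorer DisallowRun policy for the current user by setting the
:: DWORD value DisallowRun = 1 under
:: HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
:: The script creates the key and value when the value is missing or empty, exits
:: 0 without changes when it is already 1, and overwrites any other value with 1.
:: Any error is reported with Write-Error and ends the script with exit code 1.
:: The "unexpected value" message is a double-quoted string so that the current
:: value is actually printed; in a single-quoted string PowerShell would print
:: the variable name and the backticks literally.
:: NOTE(review): this is an HKCU setting, so it applies to the account the elevated
:: script runs as, and per the comment above this command the policy only covers
:: programs started via File Explorer - confirm that scope is what is wanted.
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output "^""Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^""."^""; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"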
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable System Guard rule definitions-----------
:: ----------------------------------------------------------
echo --- Disable System Guard rule definitions
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\Sgrm\SgrmAssertions.bin" with additional permissions 
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\Sgrm\SgrmAssertions.bin"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
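:: Soft delete (rename to "<name>.OLD", nothing is erased) files matching pattern: "%SYSTEMROOT%\System32\Sgrm\SgrmAssertions.cat" with additional permissions
:: The command enables SeRestorePrivilege and SeTakeOwnershipPrivilege, makes the Administrators group (S-1-5-32-544) owner with FullControl so the rename can proceed, then re-applies the ACL it saved before the change.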
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\Sgrm\SgrmAssertions.cat"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------------Disable System Guard rule scanner-------------
:: ----------------------------------------------------------
echo --- Disable System Guard rule scanner
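:: Soft delete (rename to "SgrmEnclave.dll.OLD") files matching pattern: "%SYSTEMROOT%\System32\SgrmEnclave.dll" with additional permissions
:: The command takes ownership for the Administrators group (S-1-5-32-544) using SeTakeOwnershipPrivilege and SeRestorePrivilege, then re-applies the saved ACL after the rename attempt.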
:: This operation will not run on Windows versions later than Windows11-21H2 (it exits early when the OS build, compared as major.minor.build, is above 10.0.22000).
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\SgrmEnclave.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int 
TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object 
System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant 
rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
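:: Soft delete (rename to "SgrmEnclave.dll.OLD") files matching pattern: "%SYSTEMROOT%\System32\Sgrm\SgrmEnclave.dll"
:: Unlike the "with additional permissions" variants, this command enables no privileges and leaves owner and ACL untouched; it only attempts the rename.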
:: This operation will not run on Windows versions earlier than Windows11-22H2 (it exits early when the OS build, compared as major.minor.build, is below 10.0.22621).
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\Sgrm\SgrmEnclave.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not 
$path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }"
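:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\SgrmEnclave_secure.dll" with additional permissions
:: "Additional permissions" here: SeRestorePrivilege and SeTakeOwnershipPrivilege are enabled, and an ACL making the Administrators group (S-1-5-32-544) owner with FullControl is prepared for the file.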
:: This operation will not run on Windows versions later than Windows11-21H2 (it exits early when the OS build, compared as major.minor.build, is above 10.0.22000).
:: Renames "%SYSTEMROOT%\System32\SgrmEnclave_secure.dll" to an .OLD suffix (soft delete). Exits early
:: when the OS build is above 10.0.22000 (Windows11-21H2).
:: Sequence: enable SeRestorePrivilege and SeTakeOwnershipPrivilege on the process token, set the file
:: owner to the account for S-1-5-32-544 and add a FullControl allow rule, Move-Item, then re-apply the
:: ACL that was captured before the change (on success and on failure).
:: NOTE(review): "$revert" is never assigned in this command, so only the rename-to-.OLD branch can run.
:: NOTE(review): the "not found" branch inside the loop calls "exit 0", which ends the whole command
:: and skips the summary lines and both RemovePrivilege calls.
:: NOTE(review): AddPrivilege and RemovePrivilege overwrite the results of OpenProcessToken and
:: LookupPrivilegeValue without checking them and never close the token handle; only the
:: AdjustTokenPrivileges result is returned, and the callers send it to Out-Null.
:: Detection: an owner and DACL change followed by a rename of a System32 binary is visible to
:: file-integrity monitoring and, where object-access auditing is configured, to the Security log.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\SgrmEnclave_secure.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal 
const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object 
System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant 
rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\Sgrm\SgrmEnclave_secure.dll"  
:: This operation will not run on Windows versions earlier than Windows11-22H2.
:: Renames "%SYSTEMROOT%\System32\Sgrm\SgrmEnclave_secure.dll" to an .OLD suffix (soft delete). Exits
:: early when the OS build is below 10.0.22621 (Windows11-22H2).
:: This variant calls Move-Item directly: it enables no token privileges and does not touch the ACL.
:: NOTE(review): "$revert" is never assigned in this command, so only the rename-to-.OLD branch can run.
:: NOTE(review): the "not found" branch inside the loop calls "exit 0", which ends the whole command
:: before the summary lines instead of moving on to the next item.
:: Detection: a rename of a binary under System32 is visible to file-integrity monitoring.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\Sgrm\SgrmEnclave_secure.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if 
(-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------------Disable protocol recognition---------------
:: ----------------------------------------------------------
echo --- Disable protocol recognition
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\NIS!DisableProtocolRecognition"
:: Writes DisableProtocolRecognition=1 (REG_DWORD) under the Defender NIS policy key via reg.exe.
:: NOTE(review): "$registryPath" is assigned but never read, and nothing checks the result of "reg add".
:: Detection: Defender normally records configuration changes as event 5007 in its Operational log;
:: registry-write telemetry (for example Sysmon event 13) on
:: "HKLM\Software\Policies\Microsoft\Windows Defender" from anything other than Group Policy is worth an alert.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\NIS'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\NIS' /v 'DisableProtocolRecognition' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Disable definition retirement---------------
:: ----------------------------------------------------------
echo --- Disable definition retirement
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS!DisableSignatureRetirement"
:: Writes DisableSignatureRetirement=1 (REG_DWORD) under the NIS\Consumers\IPS policy key via reg.exe.
:: NOTE(review): "$registryPath" is unused and the "reg add" result is not checked, so a failed write
:: shows up only in the console output.
:: Values under this policy hive can be overwritten by a Group Policy refresh on managed machines.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS' /v 'DisableSignatureRetirement' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------------Minimize rate of detection events-------------
:: ----------------------------------------------------------
echo --- Minimize rate of detection events
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS!ThrottleDetectionEventsRate"
:: Writes ThrottleDetectionEventsRate=10000000 (REG_DWORD) under the NIS\Consumers\IPS policy key via reg.exe.
:: NOTE(review): the unit of this value is not stated on this page - confirm it against the policy
:: documentation before relying on the section title.
:: Impact: if it does reduce how often detection events are raised, monitoring and incident response
:: lose that telemetry; a sudden drop in Defender detection events on a host is itself a signal.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS'; $data =  '10000000'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS' /v 'ThrottleDetectionEventsRate' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------------Disable real-time monitoring---------------
:: ----------------------------------------------------------
echo --- Disable real-time monitoring
:: Sets the Defender preference DisableRealtimeMonitoring to $True through Set-MpPreference.
:: Flow: exit 0 if Get-MpPreference already reports the value, if Set-MpPreference is not found, or if
:: it lacks the parameter; otherwise apply it. Error 0x800106ba and "Cannot convert" failures are
:: reported and mapped to exit 0; any other failure exits 1.
:: NOTE(review): the preference is applied twice - once through Invoke-Expression on a built string and
:: again by the direct Set-MpPreference call. The string is built from $command.Name and the constant
:: $propertyName only, so no outside input reaches Invoke-Expression, but the direct call alone would do.
:: Defender view: with Tamper Protection enabled this change is expected to be blocked; when it does
:: take effect Defender logs event 5001 (real-time protection disabled) in its Operational log.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableRealtimeMonitoring'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableRealtimeMonitoring $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableRealtimeMonitoring"
:: Writes DisableRealtimeMonitoring=1 (REG_DWORD) under the Real-Time Protection policy key via reg.exe.
:: NOTE(review): "$registryPath" is unused and the "reg add" result is not checked.
:: Defender view: this is one of the settings Tamper Protection is designed to guard; a blocked attempt
:: is expected to appear as event 5013 in the Defender Operational log - confirm on the target build.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'DisableRealtimeMonitoring' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Disable intrusion prevention system (IPS)---------
:: ----------------------------------------------------------
echo --- Disable intrusion prevention system (IPS)
:: Sets the Defender preference DisableIntrusionPreventionSystem to $True through Set-MpPreference.
:: Flow: exit 0 if Get-MpPreference already reports the value, if Set-MpPreference is not found, or if
:: it lacks the parameter; otherwise apply it. Error 0x800106ba and "Cannot convert" failures are
:: reported and mapped to exit 0; any other failure exits 1.
:: NOTE(review): the preference is applied twice - through Invoke-Expression on a string built from
:: $command.Name and the constant $propertyName, then again by the direct Set-MpPreference call.
:: Detection: Defender normally records preference changes as event 5007 in its Operational log.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableIntrusionPreventionSystem'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableIntrusionPreventionSystem $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableIntrusionPreventionSystem"
:: Writes DisableIntrusionPreventionSystem=1 (REG_DWORD) under the Real-Time Protection policy key via
:: reg.exe.
:: NOTE(review): "$registryPath" is unused and the "reg add" result is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'DisableIntrusionPreventionSystem' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------Disable Information Protection Control (IPC)-------
:: ----------------------------------------------------------
echo --- Disable Information Protection Control (IPC)
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableInformationProtectionControl"
:: Writes DisableInformationProtectionControl=1 (REG_DWORD) under the Real-Time Protection policy key
:: via reg.exe.
:: NOTE(review): "$registryPath" is unused and the "reg add" result is not checked. This section has no
:: Set-MpPreference counterpart, so the registry write is the only place the setting is applied.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'DisableInformationProtectionControl' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable real-time protection process scanning-------
:: ----------------------------------------------------------
echo --- Disable real-time protection process scanning
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableScanOnRealtimeEnable"
:: Writes DisableScanOnRealtimeEnable=1 (REG_DWORD) under the Real-Time Protection policy key via reg.exe.
:: NOTE(review): "$registryPath" is unused and the "reg add" result is not checked.
:: Impact (per the section title): process scanning is skipped when real-time protection is switched
:: on, so anything already running at that moment goes unexamined - confirm against the policy text.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'DisableScanOnRealtimeEnable' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --Disable Defender Antivirus real-time protection module--
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus real-time protection module
:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\MpRtp.dll"  as TrustedInstaller
:: Renames "%PROGRAMFILES%\Windows Defender\MpRtp.dll" to an .OLD suffix (soft delete), running the
:: rename under the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
:: translates to (TrustedInstaller, per the section comment).
:: Invoke-AsTrustedInstaller: writes the payload to a temporary .ps1, registers the scheduled task
:: "privacy.sexy invoke", starts it with RunEx for that account, polls LastTaskResult while it equals
:: 267009 (for up to 5 minutes), deletes the task, prints the captured output and removes both temp files.
:: NOTE(review): the payload sits in a New-TemporaryFile path before a more privileged principal runs
:: it; if that directory is writable by less-privileged processes the file could change in between.
:: Writing it to an administrators-only directory would close that window.
:: NOTE(review): on timeout the loop only breaks; the result is then still non-zero, so the function
:: also reports "Failed, due to exit code" and deletes the task definition.
:: NOTE(review): inside the payload "$revert" is never set, and the "not found" branch uses "exit 0",
:: which ends the payload before the summary lines.
:: Detection: registration of a task with this name (Task Scheduler operational log, or Security
:: event 4698 where task auditing is on), followed by powershell.exe started by the Task Scheduler.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\MpRtp.dll"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------------Disable routine remediation----------------
:: ----------------------------------------------------------
echo --- Disable routine remediation
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender!DisableRoutinelyTakingAction"
:: Writes DisableRoutinelyTakingAction=1 (REG_DWORD) under the Defender policy root key via reg.exe.
:: NOTE(review): "$registryPath" is unused and the "reg add" result is not checked.
:: Impact (per the section title): detections stop being remediated automatically, so a detection
:: event no longer implies the threat was handled - triage has to verify the action taken.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender' /v 'DisableRoutinelyTakingAction' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Disable running scheduled auto-remediation--------
:: ----------------------------------------------------------
echo --- Disable running scheduled auto-remediation
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!Scan_ScheduleDay"
:: Writes Scan_ScheduleDay=8 (REG_DWORD) under the Defender Remediation policy key via reg.exe.
:: NOTE(review): 8 is presumably the "never" value of the schedule-day setting - confirm against the
:: policy documentation. "$registryPath" is unused and the "reg add" result is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Remediation'; $data =  '8'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Remediation' /v 'Scan_ScheduleDay' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Sets the Defender preference RemediationScheduleDay to '8' through Set-MpPreference.
:: Flow: exit 0 if Get-MpPreference already reports the value, if Set-MpPreference is not found, or if
:: it lacks the parameter; otherwise apply it. Error 0x800106ba and "Cannot convert" failures are
:: reported and mapped to exit 0; any other failure exits 1.
:: NOTE(review): 8 is presumably the "never" value of the schedule-day setting - confirm.
:: NOTE(review): the preference is applied twice - through Invoke-Expression on a string built from
:: $command.Name and the constant $propertyName, then again by the direct Set-MpPreference call.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'RemediationScheduleDay'; $value = '8'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -RemediationScheduleDay $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------------Disable remediation actions----------------
:: ----------------------------------------------------------
echo --- Disable remediation actions
:: Sets the Defender preference UnknownThreatDefaultAction to '9' through Set-MpPreference.
:: Flow: exit 0 if Get-MpPreference already reports the value, if Set-MpPreference is not found, or if
:: it lacks the parameter; otherwise apply it. Error 0x800106ba and "Cannot convert" failures are
:: reported and mapped to exit 0; any other failure exits 1.
:: NOTE(review): 9 presumably maps to the "NoAction" threat action - confirm against the cmdlet help.
:: NOTE(review): the preference is applied twice - through Invoke-Expression on a string built from
:: $command.Name and the constant $propertyName, then again by the direct Set-MpPreference call.
:: Impact: with no default action, detections are logged but left in place; responders should not
:: read a detection event on such a host as a contained threat.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'UnknownThreatDefaultAction'; $value = '9'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -UnknownThreatDefaultAction $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Threats!Threats_ThreatSeverityDefaultAction"
:: Writes Threats_ThreatSeverityDefaultAction=1 (REG_DWORD) under the Defender Threats policy key via
:: reg.exe; presumably this switches on the per-severity table that the next commands fill - confirm.
:: NOTE(review): "$registryPath" is unused and the "reg add" result is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Threats'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Threats' /v 'Threats_ThreatSeverityDefaultAction' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction!5"
:: Writes value "5" = "9" (REG_SZ) in the ThreatSeverityDefaultAction policy table via reg.exe.
:: NOTE(review): presumably "5" is the alert level and "9" the action. As far as the policy text goes,
:: the listed actions are 2 (quarantine), 3 (remove) and 6 (ignore) - confirm how Defender treats 9.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction'; $data =  '9'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction' /v '5' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction!4"
:: Writes value "4" = "9" (REG_SZ) in the ThreatSeverityDefaultAction policy table via reg.exe.
:: NOTE(review): presumably "4" is the alert level and "9" the action to take for it - confirm that
:: 9 is a value this policy accepts. "$registryPath" is unused; the "reg add" result is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction'; $data =  '9'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction' /v '4' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction!3"
:: Writes value "3" = "9" (REG_SZ) in the ThreatSeverityDefaultAction policy table via reg.exe.
:: NOTE(review): as far as the policy text goes, the listed alert levels are 1, 2, 4 and 5 - confirm
:: that an entry named "3" has any effect. "$registryPath" is unused; the "reg add" result is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction'; $data =  '9'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction' /v '3' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction!2"
:: Writes value "2" = "9" (REG_SZ) in the ThreatSeverityDefaultAction policy table via reg.exe.
:: NOTE(review): presumably "2" is the alert level and "9" the action to take for it - confirm that
:: 9 is a value this policy accepts. "$registryPath" is unused; the "reg add" result is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction'; $data =  '9'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction' /v '2' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction!1"
:: Writes value "1" = "9" (REG_SZ) in the ThreatSeverityDefaultAction policy table via reg.exe.
:: NOTE(review): presumably "1" is the alert level and "9" the action to take for it - confirm that
:: 9 is a value this policy accepts. "$registryPath" is unused; the "reg add" result is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction'; $data =  '9'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction' /v '1' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: Enable automatically purging items from quarantine folder-
:: ----------------------------------------------------------
echo --- Enable automatically purging items from quarantine folder
:: Sets the Defender preference QuarantinePurgeItemsAfterDelay to '1' through Set-MpPreference.
:: Flow: exit 0 if Get-MpPreference already reports the value, if Set-MpPreference is not found, or if
:: it lacks the parameter; otherwise apply it. Error 0x800106ba and "Cannot convert" failures are
:: reported and mapped to exit 0; any other failure exits 1.
:: NOTE(review): the unit of the delay is not stated on this page (presumably days) - confirm.
:: NOTE(review): the preference is applied twice - through Invoke-Expression on a string built from
:: $command.Name and the constant $propertyName, then again by the direct Set-MpPreference call.
:: Impact: quarantined items are evidence; with a short purge delay they may be gone before an
:: investigation starts, so collect or export them early.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'QuarantinePurgeItemsAfterDelay'; $value = '1'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -QuarantinePurgeItemsAfterDelay $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Quarantine!PurgeItemsAfterDelay"
:: Writes the same purge delay as machine policy: PurgeItemsAfterDelay = 1 (REG_DWORD) under the
:: Defender Quarantine policy key, overwriting any existing value (/f).
:: $registryPath is assigned but not used; reg add receives the literal key path.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Quarantine'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Quarantine' /v 'PurgeItemsAfterDelay' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable Defender Antivirus command-line library------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus command-line library
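:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\MpClient.dll" as TrustedInstaller
:: "Soft delete" means the file is renamed with an ".OLD" suffix rather than removed, so renaming it back restores it.
:: The rename runs from a temporary scheduled task named "privacy.sexy invoke", which is started under the
:: TrustedInstaller service SID and deleted again once it has finished.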
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\MpClient.dll"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: Soft delete (rename with an ".OLD" suffix) files matching pattern: "%PROGRAMFILES(X86)%\Windows Defender\MpClient.dll" as TrustedInstaller
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES(X86)%\Windows Defender\MpClient.dll"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable Defender Antivirus command-line utility------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus command-line utility
:: Check and terminate the running process "MpCmdRun.exe"
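:: Probe for a running MpCmdRun.exe: find exits 0 only when tasklist lists the image name,
:: so ERRORLEVEL selects the branch below.
:: An if/else is used instead of a success/failure command chain so that a failed taskkill
:: does not also print the "not running" message.
tasklist /fi "ImageName eq MpCmdRun.exe" /fo csv 2>NUL | find /i "MpCmdRun.exe">NUL
if errorlevel 1 (
    echo Skipping, MpCmdRun.exe is not running.
) else (
    echo MpCmdRun.exe is running and will be killed.
    taskkill /f /im MpCmdRun.exe
)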
:: Configure termination of "MpCmdRun.exe" immediately upon its startup
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe!Debugger"
:: Registers taskkill.exe as the Image File Execution Options "Debugger" for MpCmdRun.exe, so Windows
:: starts taskkill.exe in place of MpCmdRun.exe whenever that image is launched.
:: cmd expands SYSTEMROOT in the data before PowerShell runs; $registryPath is assigned but not used,
:: reg add receives the literal key path.
:: NOTE(review): an IFEO Debugger value on a Defender binary is a common tamper indicator
:: (MITRE technique IDs T1546.012 and T1562.001), so this key is worth monitoring; deleting the
:: value restores normal launch of the utility.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe' /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Add a rule to prevent the executable "MpCmdRun.exe" from running via File Explorer
:: Adds MpCmdRun.exe to the per-user Explorer DisallowRun list under HKCU.
:: Exits 0 when a value equal to the file name already exists. Otherwise it picks the lowest unused
:: numeric value name starting at 1, creates the key if it is missing and adds the entry as a String.
:: Any error is reported and the command exits 1.
:: NOTE(review): HKCU is the hive of the account this elevated script runs as; if elevation used other
:: credentials than the signed-in user, the rule presumably lands in that other profile - confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='MpCmdRun.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
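:: Turns on the per-user Explorer DisallowRun policy: DisallowRun = 1 (DWORD) under
:: HKCU Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
:: Creates the key and value when the value is absent or empty, exits 0 when it is already 1, and
:: otherwise overwrites the unexpected value with 1. Any error is reported and the command exits 1.
:: The "Updating ..." message is a double-quoted string so that the current value is interpolated
:: into the log line instead of the variable name being printed literally.
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output "^""Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^""."^""; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"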
:: Soft delete (rename with an ".OLD" suffix) files matching pattern: "%PROGRAMFILES%\Windows Defender\MpCmdRun.exe" as TrustedInstaller
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\MpCmdRun.exe"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: Soft delete (rename with an ".OLD" suffix) files matching pattern: "%PROGRAMFILES(X86)%\Windows Defender\MpCmdRun.exe" as TrustedInstaller
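:: This operation is skipped on Windows versions earlier than Windows11-21H2 (build 10.0.22000): the command below
:: compares the OS version (major, minor, build) against that minimum and exits 0 when it is lower.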
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES(X86)%\Windows Defender\MpCmdRun.exe"^""'+"^""`r`n"^""+'$expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from 
`"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    
'+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Disable Defender Antivirus WMI management---------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus WMI management
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9} as TrustedInstaller
:: Soft-deletes the registry key
:: HKLM\Software\Classes\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}:
:: Rename-KeyTree appends ".OLD" to every value name, recurses into the
:: subkeys, then renames the key itself. Rename-KeyWithAcl does the key rename
:: as copy + ACL copy (all sections except Owner) + removal of the original;
:: if the removal fails, the copy is removed again.
:: The payload is handed to Invoke-AsTrustedInstaller, which writes it to a
:: temp .ps1 file, registers the scheduled task "privacy.sexy invoke", starts
:: it as the account behind SID S-1-5-80-956008885-... (TrustedInstaller),
:: polls while LastTaskResult is 267009 for at most five minutes, prints the
:: captured output, and deletes the task and both temp files.
:: NOTE(review): the temp .ps1 sits in the caller's temp directory and is run
:: with -ExecutionPolicy Bypass under that identity; whatever can write the
:: file between Out-File and RunEx runs with the same rights.
:: NOTE(review): registration of a task with this name is a usable detection
:: point (Security event 4698 where task auditing is enabled). No revert step
:: is visible here; undoing means renaming the ".OLD" items back.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\ProtectionManagement.dll"  as TrustedInstaller
:: Renames "%PROGRAMFILES%\Windows Defender\ProtectionManagement.dll" to
:: "<name>.OLD" with Move-Item -Force; matched directories and files already
:: ending in ".OLD" are skipped. %PROGRAMFILES% is expanded by cmd.exe before
:: PowerShell parses the line.
:: The payload is handed to Invoke-AsTrustedInstaller, which writes it to a
:: temp .ps1 file, registers the scheduled task "privacy.sexy invoke", starts
:: it as the account behind SID S-1-5-80-956008885-... (TrustedInstaller),
:: waits up to five minutes, then deletes the task and both temp files.
:: NOTE(review): $revert is never assigned in this payload, so only the
:: rename-to-.OLD branch can run here.
:: NOTE(review): the "not found" branch inside the foreach calls "exit 0",
:: which ends the payload and skips the summary instead of moving on to the
:: next path; "continue" looks intended - confirm.
:: NOTE(review): a rename inside the Windows Defender program folder and a
:: task with this name are both tamper indicators worth alerting on; undoing
:: the change means renaming the ".OLD" file back.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\ProtectionManagement.dll"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable Microsoft Security Client Policy Configuration Tool
echo --- Disable Microsoft Security Client Policy Configuration Tool
:: Check and terminate the running process "ConfigSecurityPolicy.exe"
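:: Terminate "ConfigSecurityPolicy.exe" if it is currently running.
:: The pipeline's errorlevel comes from "find": 0 when the image name is in
:: the tasklist output, 1 otherwise. An if/else is used rather than
:: "cmd && ( ... ) || ( ... )" so that a failing taskkill is not also
:: reported as "not running".
tasklist /fi "ImageName eq ConfigSecurityPolicy.exe" /fo csv 2>NUL | find /i "ConfigSecurityPolicy.exe">NUL
if errorlevel 1 (
    echo Skipping, ConfigSecurityPolicy.exe is not running.
) else (
    echo ConfigSecurityPolicy.exe is running and will be killed.
    taskkill /f /im ConfigSecurityPolicy.exe
)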
:: Configure termination of "ConfigSecurityPolicy.exe" immediately upon its startup
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ConfigSecurityPolicy.exe!Debugger"
:: Writes the "Debugger" value (REG_SZ) under the Image File Execution Options
:: key for ConfigSecurityPolicy.exe and points it at taskkill.exe.
:: %SYSTEMROOT% is expanded by cmd.exe before PowerShell runs, so the stored
:: string holds the expanded path. $registryPath is assigned but not used;
:: reg add receives the literal key path.
:: NOTE(review): an IFEO "Debugger" value is a well-known execution-hijack
:: point (MITRE ATT&CK T1546.012), so registry monitoring and EDR products can
:: be expected to flag this write. Undoing it means deleting the "Debugger"
:: value from this key.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ConfigSecurityPolicy.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ConfigSecurityPolicy.exe' /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Add a rule to prevent the executable "ConfigSecurityPolicy.exe" from running via File Explorer
:: Adds "ConfigSecurityPolicy.exe" as a string value under
:: HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun,
:: named with the lowest number (starting at 1) that no existing value uses.
:: Exits 0 without changes if a value in that key already equals the file
:: name; exits 1 on any error.
:: NOTE(review): HKCU here is the hive of the account this elevated script
:: runs as, which is not necessarily the interactive user's - confirm.
:: NOTE(review): the backtick before "-ErrorAction" looks like a leftover line
:: continuation from a multi-line source; verify it does not change how
:: New-ItemProperty parses its arguments.
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='ConfigSecurityPolicy.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
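:: Turns on the Explorer "DisallowRun" policy for the current user by setting
:: HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisallowRun
:: to 1 (DWORD). Creates the key and value when missing, exits 0 without
:: changes when the value is already 1, overwrites any other value, and exits
:: 1 on error.
:: The "Updating ..." message is a double-quoted string so that the previous
:: value is interpolated into the log line instead of being printed as the
:: literal variable name.
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output "^""Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^""."^""; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"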
:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\ConfigSecurityPolicy.exe"  as TrustedInstaller
:: Renames "%PROGRAMFILES%\Windows Defender\ConfigSecurityPolicy.exe" to
:: "<name>.OLD" with Move-Item -Force; matched directories and files already
:: ending in ".OLD" are skipped. %PROGRAMFILES% is expanded by cmd.exe before
:: PowerShell parses the line.
:: The payload is handed to Invoke-AsTrustedInstaller, which writes it to a
:: temp .ps1 file, registers the scheduled task "privacy.sexy invoke", starts
:: it as the account behind SID S-1-5-80-956008885-... (TrustedInstaller),
:: waits up to five minutes, then deletes the task and both temp files.
:: NOTE(review): $revert is never assigned in this payload, so only the
:: rename-to-.OLD branch can run here.
:: NOTE(review): the "not found" branch inside the foreach calls "exit 0",
:: which ends the payload and skips the summary instead of moving on to the
:: next path; "continue" looks intended - confirm.
:: NOTE(review): a rename inside the Windows Defender program folder and a
:: task with this name are both tamper indicators worth alerting on; undoing
:: the change means renaming the ".OLD" file back.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\ConfigSecurityPolicy.exe"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Minimize Defender updates to completed gradual release cycles
echo --- Minimize Defender updates to completed gradual release cycles
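:: Sets the Defender preference "DisableGradualRelease" to $True with
:: Set-MpPreference. Exits 0 without changes when the preference already has
:: that value, when Set-MpPreference is not available, or when the cmdlet has
:: no parameter of that name.
:: The value is applied once, by the direct Set-MpPreference call; no
:: Invoke-Expression is used, since a string-built copy of the same call adds
:: nothing but a second write.
:: Errors whose id contains 0x800106ba (reported as WinDefend not running) or
:: whose text contains "Cannot convert" are logged and exit 0; any other
:: error exits 1.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableGradualRelease'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Set-MpPreference -Force -DisableGradualRelease $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"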
:: ----------------------------------------------------------
 
 
:: Minimize Defender engine updates to completed release cycles
echo --- Minimize Defender engine updates to completed release cycles
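:: Sets the Defender preference "EngineUpdatesChannel" to 'Broad' with
:: Set-MpPreference. Exits 0 without changes when the preference already has
:: that value, when Set-MpPreference is not available, or when the cmdlet has
:: no parameter of that name.
:: The value is applied once, by the direct Set-MpPreference call; no
:: Invoke-Expression is used, since a string-built copy of the same call adds
:: nothing but a second write.
:: Errors whose id contains 0x800106ba (reported as WinDefend not running) or
:: whose text contains "Cannot convert" are logged and exit 0; any other
:: error exits 1.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'EngineUpdatesChannel'; $value = 'Broad'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Set-MpPreference -Force -EngineUpdatesChannel $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"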
:: ----------------------------------------------------------
 
 
:: Minimize Defender platform updates to completed release cycles
echo --- Minimize Defender platform updates to completed release cycles
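:: Sets the Defender preference "PlatformUpdatesChannel" to 'Broad' with
:: Set-MpPreference. Exits 0 without changes when the preference already has
:: that value, when Set-MpPreference is not available, or when the cmdlet has
:: no parameter of that name.
:: The value is applied once, by the direct Set-MpPreference call; no
:: Invoke-Expression is used, since a string-built copy of the same call adds
:: nothing but a second write.
:: Errors whose id contains 0x800106ba (reported as WinDefend not running) or
:: whose text contains "Cannot convert" are logged and exit 0; any other
:: error exits 1.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'PlatformUpdatesChannel'; $value = 'Broad'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Set-MpPreference -Force -PlatformUpdatesChannel $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"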
:: ----------------------------------------------------------
 
 
:: Minimize Defender definition updates to completed gradual release cycles
echo --- Minimize Defender definition updates to completed gradual release cycles
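:: Sets the Defender preference "DefinitionUpdatesChannel" to 'Broad' with
:: Set-MpPreference. Exits 0 without changes when the preference already has
:: that value, when Set-MpPreference is not available, or when the cmdlet has
:: no parameter of that name.
:: The value is applied once, by the direct Set-MpPreference call; no
:: Invoke-Expression is used, since a string-built copy of the same call adds
:: nothing but a second write.
:: Errors whose id contains 0x800106ba (reported as WinDefend not running) or
:: whose text contains "Cannot convert" are logged and exit 0; any other
:: error exits 1.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DefinitionUpdatesChannel'; $value = 'Broad'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Set-MpPreference -Force -DefinitionUpdatesChannel $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"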
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable Windows Defender boot logging-----------
:: ----------------------------------------------------------
echo --- Disable Windows Defender boot logging
:: Set the registry value: "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger!Start"
:: Sets Start = 0 (REG_DWORD) on the Autologger key "DefenderApiLogger".
:: $registryPath is assigned but not used; reg add receives the literal key
:: path.
:: NOTE(review): per the section title this turns off Defender's boot-time
:: logging; presumably the trace session is then not started at boot -
:: confirm. The previous value is not recorded, so a revert has to restore it
:: from a known-good baseline. Writes to this value are worth monitoring as a
:: logging-tamper signal.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger'; $data =  '0'; reg add 'HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger' /v 'Start' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger!Start"
:: Sets Start = 0 (REG_DWORD) on the Autologger key "DefenderAuditLogger".
:: $registryPath is assigned but not used; reg add receives the literal key
:: path.
:: NOTE(review): per the section title this turns off Defender's boot-time
:: logging; presumably the trace session is then not started at boot -
:: confirm. The previous value is not recorded, so a revert has to restore it
:: from a known-good baseline. Writes to this value are worth monitoring as a
:: logging-tamper signal.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger'; $data =  '0'; reg add 'HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger' /v 'Start' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----Disable Defender ETW provider (Windows Event Logs)----
:: ----------------------------------------------------------
echo --- Disable Defender ETW provider (Windows Event Logs)
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/Operational!Enabled"
:: Sets Enabled = 0 (REG_DWORD) on the event-log channel key
:: "Microsoft-Windows-Windows Defender/Operational".
:: $registryPath is assigned but not used; reg add receives the literal key
:: path.
:: NOTE(review): with this channel off, Defender's operational events are no
:: longer written to the event log, so any collection or alerting built on
:: the channel loses its source. Watch for writes to this value; a revert
:: presumably sets Enabled back to 1 - confirm against a baseline host.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/Operational'; $data =  '0'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/Operational' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC!Enabled"
:: Sets Enabled = 0 (REG_DWORD) on the event-log channel key
:: "Microsoft-Windows-Windows Defender/WHC".
:: $registryPath is assigned but not used; reg add receives the literal key
:: path.
:: NOTE(review): with this channel off, events Defender would log to it are
:: no longer recorded. Watch for writes to this value; a revert presumably
:: sets Enabled back to 1 - confirm against a baseline host.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC'; $data =  '0'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Minimize Windows software trace preprocessor (WPP Software Tracing)
echo --- Minimize Windows software trace preprocessor (WPP Software Tracing)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting!WppTracingLevel"
:: Sets the policy value WppTracingLevel = 1 (REG_DWORD) under
:: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting.
:: $registryPath is assigned but not used; reg add receives the literal key
:: path.
:: NOTE(review): what level 1 means is not shown here - TODO confirm against
:: the Defender policy documentation. Being a policy value, it can be
:: overwritten by domain or MDM policy on managed hosts.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting' /v 'WppTracingLevel' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable "Microsoft Defender Antivirus Network Inspection System Driver" service
echo --- Disable "Microsoft Defender Antivirus Network Inspection System Driver" service
:: Disable the service `WdNisDrv` using TrustedInstaller privileges
:: Disables the service matched by "WdNisDrv": stops it if it is running
:: (Stop-Service -Force), then sets Start = 4 under
:: HKLM:\SYSTEM\CurrentControlSet\Services\<name>. Exits 0 without changes
:: when the service or its registry key is missing, or Start is already 4.
:: The payload is handed to Invoke-AsTrustedInstaller, which writes it to a
:: temp .ps1 file, registers the scheduled task "privacy.sexy invoke", starts
:: it as the account behind SID S-1-5-80-956008885-... (TrustedInstaller),
:: waits up to five minutes, then deletes the task and both temp files.
:: NOTE(review): a failed stop is only a warning; Start is still written, so
:: the change then takes effect at the next boot.
:: NOTE(review): the step-3 message says "cannot enable it" although this
:: path disables the service - looks copied from the revert script.
:: NOTE(review): per the section title this is Defender's Network Inspection
:: System driver; a Start value of 4 on this key is a protection-tamper
:: signal to monitor. The previous Start value is not recorded here.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$serviceQuery = ''WdNisDrv'''+"^""`r`n"^""+'$stopWithDependencies=$true <# $false #>'+"^""`r`n"^""+'<# -- 1. 
Skip if service does not exist #>'+"^""`r`n"^""+'$service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue'+"^""`r`n"^""+'if(!$service) {'+"^""`r`n"^""+'    Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$serviceName = $service.Name'+"^""`r`n"^""+'Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'<# -- 2. Stop if running #>'+"^""`r`n"^""+'if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'        $stopParams = @{ `'+"^""`r`n"^""+'            Name = $ServiceName'+"^""`r`n"^""+'            Force = $true'+"^""`r`n"^""+'            ErrorAction = ''Stop'''+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        if (-not $stopWithDependencies) {'+"^""`r`n"^""+'            $stopParams[''NoWait''] = $true'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Stop-Service @stopParams'+"^""`r`n"^""+'        Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        if ($_.FullyQualifiedErrorId -eq ''CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand'') {'+"^""`r`n"^""+'            Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""'+"^""`r`n"^""+'        } else {'+"^""`r`n"^""+'            Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 3. 
Skip if service info is not found in registry #>'+"^""`r`n"^""+'$registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""'+"^""`r`n"^""+'if (-Not (Test-Path $registryKey)) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 4. Skip if already disabled #>'+"^""`r`n"^""+'if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 5. Disable service #>'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Set-ItemProperty `'+"^""`r`n"^""+'        -LiteralPath $registryKey `'+"^""`r`n"^""+'        -Name "^""Start"^"" `'+"^""`r`n"^""+'        -Value 4 `'+"^""`r`n"^""+'        -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host ''Successfully disabled the service. It will not start automatically on next boot.'''+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'    Exit 1'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
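:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\drivers\WdNisDrv.sys" with additional permissions
:: "Soft delete" here means renaming each match to "<name>.OLD"; nothing is erased, so renaming the file back restores it.
:: The command enables SeRestorePrivilege and SeTakeOwnershipPrivilege, makes BUILTIN\Administrators (S-1-5-32-544) the owner with FullControl, then re-applies the original ACL to the renamed file.
:: If that ACL restore fails it only logs a warning, so confirm the owner and ACL of the .OLD file afterwards; ownership changes under System32\drivers are also worth alerting on in file-integrity monitoring.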
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\drivers\WdNisDrv.sys"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable Defender Antivirus device filter driver------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus device filter driver
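:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\drivers\WdDevFlt.sys" with additional permissions
:: The driver file is renamed to "WdDevFlt.sys.OLD", not erased; renaming it back restores it.
:: To do so the command enables SeRestorePrivilege and SeTakeOwnershipPrivilege, takes ownership for BUILTIN\Administrators (S-1-5-32-544) with FullControl, and then re-applies the original ACL to the renamed file (a failed restore is only logged as a warning, so verify the ACL afterwards).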
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\drivers\WdDevFlt.sys"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --Disable Defender Antivirus network inspection service---
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus network inspection service
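:: Disable the service `WdNisSvc` using TrustedInstaller privileges
:: The embedded script is written to a temporary .ps1 and run by a scheduled task named "privacy.sexy invoke" under the TrustedInstaller service SID; the task is deleted when it finishes or times out.
:: Effect: the service is stopped if running and its `Start` value under HKLM\SYSTEM\CurrentControlSet\Services is set to 4 (disabled). The previous value is not saved, so record it first if a rollback may be needed.
:: Defenders can look for the short-lived task registration and the change to the service's `Start` value.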
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$serviceQuery = ''WdNisSvc'''+"^""`r`n"^""+'$stopWithDependencies= $false'+"^""`r`n"^""+'<# -- 1. 
Skip if service does not exist #>'+"^""`r`n"^""+'$service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue'+"^""`r`n"^""+'if(!$service) {'+"^""`r`n"^""+'    Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$serviceName = $service.Name'+"^""`r`n"^""+'Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'<# -- 2. Stop if running #>'+"^""`r`n"^""+'if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'        $stopParams = @{ `'+"^""`r`n"^""+'            Name = $ServiceName'+"^""`r`n"^""+'            Force = $true'+"^""`r`n"^""+'            ErrorAction = ''Stop'''+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        if (-not $stopWithDependencies) {'+"^""`r`n"^""+'            $stopParams[''NoWait''] = $true'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Stop-Service @stopParams'+"^""`r`n"^""+'        Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        if ($_.FullyQualifiedErrorId -eq ''CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand'') {'+"^""`r`n"^""+'            Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""'+"^""`r`n"^""+'        } else {'+"^""`r`n"^""+'            Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 3. 
Skip if service info is not found in registry #>'+"^""`r`n"^""+'$registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""'+"^""`r`n"^""+'if (-Not (Test-Path $registryKey)) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 4. Skip if already disabled #>'+"^""`r`n"^""+'if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 5. Disable service #>'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Set-ItemProperty `'+"^""`r`n"^""+'        -LiteralPath $registryKey `'+"^""`r`n"^""+'        -Name "^""Start"^"" `'+"^""`r`n"^""+'        -Value 4 `'+"^""`r`n"^""+'        -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host ''Successfully disabled the service. It will not start automatically on next boot.'''+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'    Exit 1'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
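:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\NisSrv.exe" as TrustedInstaller
:: The file is renamed to "NisSrv.exe.OLD" rather than erased; renaming it back (presumably with the same privileges) restores it.
:: The rename runs as TrustedInstaller through the temporary scheduled task, so this step makes no ownership or ACL change on the file.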
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\NisSrv.exe"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: Check and terminate the running process "NisSrv.exe"
tasklist /fi "ImageName eq NisSrv.exe" /fo csv 2>NUL | find /i "NisSrv.exe">NUL && (
    echo NisSrv.exe is running and will be killed.
    taskkill /f /im NisSrv.exe
) || (
    echo Skipping, NisSrv.exe is not running.
)
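:: Configure termination of "NisSrv.exe" immediately upon its startup
:: How it works: with an Image File Execution Options `Debugger` value set, Windows starts the named debugger (here taskkill.exe) in place of the image, so NisSrv.exe never actually launches.
:: This key is a well-known defense-impairment and persistence location (MITRE ATT&CK T1546.012, T1562.001), so EDR or registry auditing is likely to flag the write; delete the `Debugger` value to revert.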
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NisSrv.exe!Debugger"
:: Writes Debugger=<SystemRoot>\System32\taskkill.exe (REG_SZ) under the IFEO key for NisSrv.exe; `/f` overwrites any existing value without prompting.
:: %SYSTEMROOT% is expanded by cmd.exe before PowerShell sees the command, so the stored value is an absolute path.
:: `$registryPath` is assigned but never used; the key path is repeated literally in the `reg add` call.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NisSrv.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NisSrv.exe' /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Add a rule to prevent the executable "NisSrv.exe" from running via File Explorer
:: Adds "NisSrv.exe" as a string value under HKCU\...\Policies\Explorer\DisallowRun, using the lowest unused numeric value name (starting at 1).
:: Exits early without changes if any existing value under the key already equals the filename.
:: Scope caveat: the key is under HKCU, so the rule lands in the hive of the account this elevated script runs as, which may differ from the interactive user if elevation used other credentials.
:: DisallowRun is enforced by Explorer only; it does not stop a service or another launcher from starting the binary.
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='NisSrv.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
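:: Sets the DWORD value `DisallowRun` under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer to 1,
:: which is what makes the entries under the DisallowRun subkey take effect.
:: Creates the value when it is missing or empty, leaves it alone when it is already 1, and overwrites any other value.
:: The "Updating ..." message is double-quoted so the current value is interpolated; single quotes would print the variable name and backticks literally.
:: This is a per-user (HKCU) Explorer policy: it applies to the account the elevated script runs as and is enforced only for launches through Explorer.
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output "^""Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^""."^""; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"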
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------Disable Microsoft Defender Core Service----------
:: ----------------------------------------------------------
echo --- Disable Microsoft Defender Core Service
:: Check and terminate the running process "MpDefenderCoreService.exe"
tasklist /fi "ImageName eq MpDefenderCoreService.exe" /fo csv 2>NUL | find /i "MpDefenderCoreService.exe">NUL && (
    echo MpDefenderCoreService.exe is running and will be killed.
    taskkill /f /im MpDefenderCoreService.exe
) || (
    echo Skipping, MpDefenderCoreService.exe is not running.
)
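:: Configure termination of "MpDefenderCoreService.exe" immediately upon its startup
:: An Image File Execution Options `Debugger` value makes Windows start the named program (here taskkill.exe) instead of the image, so MpDefenderCoreService.exe does not launch.
:: Writes to this key are commonly monitored (MITRE ATT&CK T1546.012, T1562.001); removing the `Debugger` value reverts the change.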
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpDefenderCoreService.exe!Debugger"
:: How this works: with a "Debugger" value under the image's Image File Execution Options key,
:: Windows starts the named debugger (here taskkill.exe) in place of the image, so the executable
:: never runs. cmd.exe expands the SYSTEMROOT variable before PowerShell sees the command, so the
:: stored REG_SZ holds the resolved path. $registryPath is assigned but not used; the key is
:: repeated literally for reg add. The exit code of reg add is not checked, so a refused write
:: does not stop the script.
:: Security impact: this keeps a Defender component from starting and persists across reboots
:: until the Debugger value is deleted. IFEO Debugger writes that target security tooling are a
:: standard detection (MITRE ATT&CK T1546.012, T1562.001); expect EDR alerts on managed hosts.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpDefenderCoreService.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpDefenderCoreService.exe' /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"
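:: Add a rule to prevent the executable "MpDefenderCoreService.exe" from running via File Explorer
:: Scope: the rule is written under HKCU, so it applies only to the user hive of the account this
:: elevated script runs as, and the policy is enforced by Explorer only; it does not affect
:: starts by the service control manager or by other processes.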
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='MpDefenderCoreService.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output 'Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^"".'; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"
:: Suggest restarting computer for changes to take effect
:: $warn is hard-coded to $false, so the text is always printed as a blue "Note: " prefix followed
:: by the message, never through Write-Warning. Nothing here triggers a restart; it only informs.
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart your computer.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ----Disable Defender Antivirus cache maintenance task-----
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus cache maintenance task
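:: Disable scheduled task(s): `\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance`
:: Review note: the command exits with 1 on failure, but the batch script does not check that
:: exit code, so later sections run even if disabling failed. The change can be reverted with
:: Enable-ScheduledTask. Disabling Defender's built-in tasks is a change monitoring teams commonly
:: alert on (Security event 4701 when object-access auditing is on, and the Task Scheduler
:: operational log). The same applies to the Cleanup, Scheduled Scan and Verification task
:: sections that follow.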
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Windows Defender\'; $taskNamePattern='Windows Defender Cache Maintenance'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ---------Disable Defender Antivirus cleanup task----------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus cleanup task
:: Disable scheduled task(s): `\Microsoft\Windows\Windows Defender\Windows Defender Cleanup`
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Windows Defender\'; $taskNamePattern='Windows Defender Cleanup'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ------Disable Defender Antivirus scheduled scan task------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus scheduled scan task
:: Disable scheduled task(s): `\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan`
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Windows Defender\'; $taskNamePattern='Windows Defender Scheduled Scan'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -------Disable Defender Antivirus verification task-------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus verification task
:: Disable scheduled task(s): `\Microsoft\Windows\Windows Defender\Windows Defender Verification`
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\Windows Defender\'; $taskNamePattern='Windows Defender Verification'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ---Disable Defender Antivirus copy accelerator library----
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus copy accelerator library
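:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\MpDetoursCopyAccelerator.dll"  as TrustedInstaller
:: "Soft delete" here means the file is renamed to NAME.OLD with Move-Item, not removed;
:: renaming it back restores it. The rename runs from a temporary .ps1 file through a one-off
:: scheduled task named "privacy.sexy invoke", started as the TrustedInstaller service account
:: with -ExecutionPolicy Bypass; the task and the temporary files are removed afterwards.
:: Review notes on the embedded script: $revert is never assigned in it, so only the
:: rename-to-.OLD branch runs; and the "file not found" check inside the loop calls exit 0,
:: which ends processing of any remaining paths instead of continuing with the next one.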
:: This operation will not run on Windows versions earlier than Windows11-21H2.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\MpDetoursCopyAccelerator.dll"^""'+"^""`r`n"^""+'$expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items 
from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    
'+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%PROGRAMFILES(X86)%\Windows Defender\MpDetoursCopyAccelerator.dll"  as TrustedInstaller
:: This operation will not run on Windows versions earlier than Windows11-21H2.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES(X86)%\Windows Defender\MpDetoursCopyAccelerator.dll"^""'+"^""`r`n"^""+'$expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) 
items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    
'+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ---Disable Defender Antivirus copy accelerator utility----
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus copy accelerator utility
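:: Check and terminate the running process "MpCopyAccelerator.exe"
:: Caveat: the fallback branch of the chain below also runs when taskkill returns an error, so the
:: "Skipping, ... is not running" message does not prove that the process was absent or stopped.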
tasklist /fi "ImageName eq MpCopyAccelerator.exe" /fo csv 2>NUL | find /i "MpCopyAccelerator.exe">NUL && (
    echo MpCopyAccelerator.exe is running and will be killed.
    taskkill /f /im MpCopyAccelerator.exe
) || (
    echo Skipping, MpCopyAccelerator.exe is not running.
)
:: Configure termination of "MpCopyAccelerator.exe" immediately upon its startup
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCopyAccelerator.exe!Debugger"
:: Writes an IFEO "Debugger" value so that Windows starts taskkill.exe in place of
:: MpCopyAccelerator.exe whenever that image is launched. cmd.exe expands the SYSTEMROOT variable
:: before PowerShell runs, so the stored REG_SZ holds the resolved path. $registryPath is assigned
:: but not used, and the exit code of reg add is not checked.
:: The setting persists across reboots until the Debugger value is deleted. IFEO Debugger writes
:: against security tooling are a standard detection (MITRE ATT&CK T1546.012, T1562.001).
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCopyAccelerator.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCopyAccelerator.exe' /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Add a rule to prevent the executable "MpCopyAccelerator.exe" from running via File Explorer
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='MpCopyAccelerator.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output 'Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^"".'; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"
:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\MpCopyAccelerator.exe"  as TrustedInstaller
:: Review note (what this command does):
::  - Inner script in $cmd: resolves the Defender file named in $pathGlobPattern and renames it to
::    the same name plus ".OLD" with Move-Item -Force. $revert is never assigned in this command,
::    so only the rename-to-.OLD branch runs.
::  - Invoke-AsTrustedInstaller: writes $cmd to a temporary .ps1, registers the scheduled task
::    "privacy.sexy invoke" (action: powershell.exe -ExecutionPolicy Bypass), starts it with RunEx
::    under the account that SID S-1-5-80-956008885-... translates to (the well-known
::    NT SERVICE\TrustedInstaller SID), and polls every 200 ms for at most 5 minutes while
::    LastTaskResult is 267009 (Task Scheduler status: task is running).
::  - Cleanup: the captured task output is printed with Get-Content, then the task is deleted and
::    both temporary files are removed in the finally blocks.
::  - Caveat: the "not found" branch inside the foreach calls exit 0, which ends the inner script
::    instead of moving on to the next path.
::  - Monitoring: creation and deletion of a scheduled task with this name, and a *.OLD file
::    beside the Defender binaries, are the on-host traces this command leaves.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\MpCopyAccelerator.exe"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: Disable Defender Antivirus file activity tracking library-
:: ----------------------------------------------------------
:: Section effect: the two commands that follow rename MpDetours.dll in the native and x86
:: Defender directories to MpDetours.dll.OLD; renaming the .OLD files back undoes the change.
echo --- Disable Defender Antivirus file activity tracking library
:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\MpDetours.dll"  as TrustedInstaller
:: This operation will not run on Windows versions earlier than Windows11-21H2.
:: Review note (what this command does):
::  - Version gate: maps 'Windows11-21H2' to build 10.0.22000 and exits 0 with a "Skipping"
::    message when the running OS version (major.minor.build) is lower.
::  - Inner script in $cmd: resolves the MpDetours.dll path in $pathGlobPattern and renames the
::    file to the same name plus ".OLD" with Move-Item -Force. $revert is never assigned in this
::    command, so only the rename-to-.OLD branch runs.
::  - Invoke-AsTrustedInstaller: writes $cmd to a temporary .ps1, registers the scheduled task
::    "privacy.sexy invoke" (action: powershell.exe -ExecutionPolicy Bypass), starts it with RunEx
::    under the account the S-1-5-80-956008885-... SID translates to (TrustedInstaller, per the
::    comment above this command), and polls for at most 5 minutes while LastTaskResult is 267009
::    (Task Scheduler status: task is running).
::  - Cleanup: the task is deleted and both temporary files are removed in the finally blocks.
::  - Caveat: the "not found" branch inside the foreach calls exit 0, which ends the inner script
::    instead of moving on to the next path.
::  - Monitoring: creation and deletion of a scheduled task with this name, and a *.OLD file
::    beside the Defender binaries, are the on-host traces this command leaves.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\MpDetours.dll"^""'+"^""`r`n"^""+'$expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from 
`"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    
'+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%PROGRAMFILES(X86)%\Windows Defender\MpDetours.dll"  as TrustedInstaller
:: This operation will not run on Windows versions earlier than Windows11-21H2.
:: Review note (what this command does):
::  - Same sequence as the Program Files variant, applied to the x86 Defender directory: the
::    version gate exits 0 below build 10.0.22000, then the inner script in $cmd renames
::    MpDetours.dll to MpDetours.dll.OLD ($revert is never assigned, so only that branch runs).
::  - Invoke-AsTrustedInstaller writes $cmd to a temporary .ps1 and runs it through the scheduled
::    task "privacy.sexy invoke" under the account the S-1-5-80-956008885-... SID translates to
::    (TrustedInstaller, per the comment above this command); it waits at most 5 minutes while
::    LastTaskResult is 267009 (task is running), then deletes the task and the temporary files.
::  - Caveat: the "not found" branch inside the foreach calls exit 0, which ends the inner script
::    instead of moving on to the next path.
::  - Monitoring: the scheduled task with this name and a *.OLD file beside the Defender binaries
::    are the on-host traces this command leaves.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES(X86)%\Windows Defender\MpDetours.dll"^""'+"^""`r`n"^""+'$expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from 
`"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    
'+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -Disable Defender Antivirus file risk estimation library--
:: ----------------------------------------------------------
:: Section effect: the two commands that follow rename winshfhc.dll in System32 and SysWOW64 to
:: winshfhc.dll.OLD after temporarily taking ownership; renaming the files back undoes it.
echo --- Disable Defender Antivirus file risk estimation library
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\winshfhc.dll" with additional permissions 
:: Review note (what this command does):
::  - Add-Type compiles a C# class "Privileges" that P/Invokes OpenProcessToken,
::    LookupPrivilegeValue and AdjustTokenPrivileges; it is used to enable SeRestorePrivilege and
::    SeTakeOwnershipPrivilege on the current process token and to clear them again at the end.
::  - For the System32 winshfhc.dll path: saves the file ACL in $originalAcl, sets the owner to
::    the account for SID S-1-5-32-544 (the built-in Administrators group) and adds a FullControl
::    allow rule, then renames the file to the same name plus ".OLD" with Move-Item -Force.
::  - After the rename the saved ACL object is applied to the new path; if the rename fails it is
::    applied to the original path instead. A failed Set-Acl only produces a warning.
::  - $revert is never assigned in this command, so only the rename-to-.OLD branch runs.
::  - Caveats visible in the code: AddPrivilege and RemovePrivilege return only the result of
::    AdjustTokenPrivileges and the callers discard it with Out-Null, so a privilege that could
::    not be enabled is not reported; the token handle from OpenProcessToken is never closed;
::    the early exit 0 paths leave before RemovePrivilege is called.
::  - Monitoring: an owner or DACL change on a System32 binary followed by a rename to *.OLD is
::    the on-host trace this command leaves.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\winshfhc.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\SysWOW64\winshfhc.dll" with additional permissions 
:: Review note (what this command does):
::  - Same sequence as the System32 variant, applied to the SysWOW64 copy of winshfhc.dll.
::  - Add-Type compiles a C# class "Privileges" (P/Invoke to OpenProcessToken,
::    LookupPrivilegeValue, AdjustTokenPrivileges) used to enable SeRestorePrivilege and
::    SeTakeOwnershipPrivilege on the current process token and to clear them at the end.
::  - The file ACL is saved in $originalAcl, the owner is set to the account for SID S-1-5-32-544
::    (the built-in Administrators group) with a FullControl allow rule, the file is renamed to
::    the same name plus ".OLD", and the saved ACL object is applied to the resulting path.
::  - $revert is never assigned in this command, so only the rename-to-.OLD branch runs.
::  - Caveats visible in the code: the privilege calls discard their result with Out-Null, the
::    token handle from OpenProcessToken is never closed, and the early exit 0 paths leave
::    before RemovePrivilege is called.
::  - Monitoring: an owner or DACL change on a SysWOW64 binary followed by a rename to *.OLD is
::    the on-host trace this command leaves.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\SysWOW64\winshfhc.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------------Disable behavior monitoring----------------
:: ----------------------------------------------------------
:: Section effect: turns Defender behavior monitoring off twice over, first through
:: Set-MpPreference and then through the policy registry value DisableBehaviorMonitoring=1.
echo --- Disable behavior monitoring
:: Review note:
::  - Exits 0 early when Get-MpPreference already reports DisableBehaviorMonitoring as True, when
::    Set-MpPreference is not available, or when it has no parameter of that name.
::  - The setting is applied twice: once through Invoke-Expression on a string built from
::    $command.Name and $propertyName (both fixed inside this command, no outside input), then
::    again through a direct Set-MpPreference call.
::  - Error handling: an error id containing 0x800106ba is reported as "Defender service
::    (WinDefend) is not running" and a "Cannot convert" error as unsupported; both exit 0, so
::    only other failures surface as exit code 1.
::  - NOTE(review): with Defender Tamper Protection enabled this change is expected to be
::    rejected or ignored - confirm on the target build. Defender configuration changes are
::    normally recorded as event 5007 in the Windows Defender Operational log.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableBehaviorMonitoring'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableBehaviorMonitoring $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableBehaviorMonitoring"
:: Review note: writes REG_DWORD DisableBehaviorMonitoring=1 under the Defender Real-Time
:: Protection policy key with reg add /f, which overwrites without prompting. $registryPath is
:: assigned but not used; the key path is repeated literally in the reg add call. The previous
:: value is not saved, so a revert has to delete this value or set it back by hand. The exit
:: code of reg add is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'DisableBehaviorMonitoring' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable sending raw write notifications to behavior monitoring
:: Section effect: sets the policy registry value DisableRawWriteNotification=1 under the
:: Defender Real-Time Protection policy key; no Set-MpPreference call is made in this section.
echo --- Disable sending raw write notifications to behavior monitoring
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableRawWriteNotification"
:: Review note: writes REG_DWORD DisableRawWriteNotification=1 under the Defender Real-Time
:: Protection policy key with reg add /f, which overwrites without prompting. $registryPath is
:: assigned but not used; the key path is repeated literally in the reg add call. The previous
:: value is not saved, so a revert has to delete this value or set it back by hand. The exit
:: code of reg add is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'DisableRawWriteNotification' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -Disable scanning of all downloaded files and attachments-
:: ----------------------------------------------------------
echo --- Disable scanning of all downloaded files and attachments
:: Sets the Defender preference DisableIOAVProtection to $True through Set-MpPreference.
:: Exits 0 without changes if Get-MpPreference already reports that value, if Set-MpPreference
:: is not found, or if it exposes no -DisableIOAVProtection parameter. Otherwise the setting is
:: applied twice: through Invoke-Expression on a string built from the resolved command name
:: and the property name set in this line, then by a direct Set-MpPreference call.
:: Error 0x800106ba (WinDefend not running) and "Cannot convert" errors end with exit 0; any
:: other failure is reported with Write-Error and exit 1.
:: Review note: Defender normally logs such preference changes as event 5007 in its Operational
:: log, and PowerShell script block logging (4104) captures this one-liner. Tamper Protection is
:: documented to block changes to IOAV protection - confirm it is enabled on managed hosts.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableIOAVProtection'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableIOAVProtection $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableIOAVProtection"
:: Writes the policy value DisableIOAVProtection = 1 (REG_DWORD) under the Defender
:: "Real-Time Protection" policy key with reg.exe; /f overwrites an existing value without
:: prompting. $registryPath is assigned but never read - the key path is repeated literally in
:: the reg add call.
:: Review note: this is the policy-key counterpart of the Set-MpPreference call in the preceding
:: command; check both places when auditing a host, since clearing one leaves the other set.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'DisableIOAVProtection' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable scanning files larger than 1 KB (minimum possible)
echo --- Disable scanning files larger than 1 KB (minimum possible)
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!IOAVMaxSize"
:: Writes the policy value IOAVMaxSize = 1 (REG_DWORD) under the Defender "Real-Time Protection"
:: policy key with reg.exe; /f overwrites an existing value without prompting. $registryPath is
:: assigned but never read - the key path is repeated literally in the reg add call.
:: Review note: per the section title, 1 KB is the smallest accepted size, so larger downloads
:: and attachments are skipped by this scan; no Set-MpPreference call accompanies it in this
:: section, so the registry value is the only artefact to look for.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'IOAVMaxSize' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------Disable file and program activity monitoring-------
:: ----------------------------------------------------------
echo --- Disable file and program activity monitoring
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableOnAccessProtection"
:: Writes the policy value DisableOnAccessProtection = 1 (REG_DWORD) under the Defender
:: "Real-Time Protection" policy key with reg.exe; /f overwrites an existing value without
:: prompting. $registryPath is assigned but never read - the key path is repeated literally in
:: the reg add call.
:: Review note: the section title describes this as file and program activity monitoring, and it
:: is set by policy only here. When triaging a host,
:: reg query "HKLM\Software\Policies\Microsoft\Windows Defender" /s
:: lists every value written under the Defender policy key.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'DisableOnAccessProtection' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable bidirectional scan for incoming and outgoing file and program activities
echo --- Disable bidirectional scan for incoming and outgoing file and program activities
:: Sets the Defender preference RealTimeScanDirection to '1' through Set-MpPreference.
:: Exits 0 without changes if Get-MpPreference already reports that value, if Set-MpPreference
:: is not found, or if it exposes no -RealTimeScanDirection parameter. Otherwise the setting is
:: applied twice: through Invoke-Expression on a string built from the resolved command name
:: and the property name set in this line, then by a direct Set-MpPreference call.
:: Error 0x800106ba (WinDefend not running) and "Cannot convert" errors end with exit 0; any
:: other failure is reported with Write-Error and exit 1.
:: Review note: Set-MpPreference documents 0 as both directions, 1 as incoming only and 2 as
:: outgoing only, so '1' leaves outgoing file activity unscanned. Defender normally records the
:: change as event 5007 in its Operational log.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'RealTimeScanDirection'; $value = '1'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -RealTimeScanDirection $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!RealTimeScanDirection"
:: Writes the policy value RealTimeScanDirection = 1 (REG_DWORD) under the Defender
:: "Real-Time Protection" policy key with reg.exe; /f overwrites an existing value without
:: prompting. $registryPath is assigned but never read - the key path is repeated literally in
:: the reg add call.
:: Review note: the data matches the '1' passed to Set-MpPreference in the preceding command;
:: deleting the value returns the policy to its not-configured state.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'RealTimeScanDirection' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable signature verification before scanning------
:: ----------------------------------------------------------
echo --- Disable signature verification before scanning
:: Sets the Defender preference CheckForSignaturesBeforeRunningScan to $False through
:: Set-MpPreference.
:: Exits 0 without changes if Get-MpPreference already reports that value, if Set-MpPreference
:: is not found, or if it exposes no -CheckForSignaturesBeforeRunningScan parameter. Otherwise
:: the setting is applied twice: through Invoke-Expression on a string built from the resolved
:: command name and the property name set in this line, then by a direct Set-MpPreference call.
:: Error 0x800106ba (WinDefend not running) and "Cannot convert" errors end with exit 0; any
:: other failure is reported with Write-Error and exit 1.
:: Review note: with the pre-scan check off, scans presumably run on whatever definitions are
:: already installed - verify definition age separately. Defender normally records the change
:: as event 5007 in its Operational log.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'CheckForSignaturesBeforeRunningScan'; $value = $False; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -CheckForSignaturesBeforeRunningScan $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!CheckForSignaturesBeforeRunningScan"
:: Writes the policy value CheckForSignaturesBeforeRunningScan = 0 (REG_DWORD) under the
:: Defender "Scan" policy key with reg.exe; /f overwrites an existing value without prompting.
:: $registryPath is assigned but never read - the key path is repeated literally in the reg add
:: call.
:: Review note: the data is 0 here because the value name is phrased positively, unlike the
:: Disable* values in this script that are set to 1; it mirrors the $False passed to
:: Set-MpPreference in the preceding command.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'CheckForSignaturesBeforeRunningScan' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable creation of daily system restore points------
:: ----------------------------------------------------------
echo --- Disable creation of daily system restore points
:: Sets the Defender preference DisableRestorePoint to $True through Set-MpPreference.
:: Exits 0 without changes if Get-MpPreference already reports that value, if Set-MpPreference
:: is not found, or if it exposes no -DisableRestorePoint parameter. Otherwise the setting is
:: applied twice: through Invoke-Expression on a string built from the resolved command name
:: and the property name set in this line, then by a direct Set-MpPreference call.
:: Error 0x800106ba (WinDefend not running) and "Cannot convert" errors end with exit 0; any
:: other failure is reported with Write-Error and exit 1.
:: Review note: per the section title this stops Defender from creating daily restore points,
:: which affects recovery rather than detection. Defender normally records the change as event
:: 5007 in its Operational log.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableRestorePoint'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableRestorePoint $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableRestorePoint"
:: Writes the policy value DisableRestorePoint = 1 (REG_DWORD) under the Defender "Scan" policy
:: key with reg.exe; /f overwrites an existing value without prompting. $registryPath is
:: assigned but never read - the key path is repeated literally in the reg add call.
:: Review note: this is the policy-key counterpart of the Set-MpPreference call in the preceding
:: command; deleting the value returns the policy to its not-configured state.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'DisableRestorePoint' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----Minimize retention time for files in scan history-----
:: ----------------------------------------------------------
echo --- Minimize retention time for files in scan history
:: Sets the Defender preference ScanPurgeItemsAfterDelay to '1' through Set-MpPreference.
:: Exits 0 without changes if Get-MpPreference already reports that value, if Set-MpPreference
:: is not found, or if it exposes no -ScanPurgeItemsAfterDelay parameter. Otherwise the setting
:: is applied twice: through Invoke-Expression on a string built from the resolved command name
:: and the property name set in this line, then by a direct Set-MpPreference call.
:: Error 0x800106ba (WinDefend not running) and "Cannot convert" errors end with exit 0; any
:: other failure is reported with Write-Error and exit 1.
:: Review note: a minimal retention leaves little scan history on the host for later
:: investigation, so rely on centrally collected Defender logs where this is found set. The
:: change itself is normally recorded as Defender event 5007.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'ScanPurgeItemsAfterDelay'; $value = '1'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -ScanPurgeItemsAfterDelay $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!PurgeItemsAfterDelay"
:: Writes the policy value PurgeItemsAfterDelay = 1 (REG_DWORD) under the Defender "Scan" policy
:: key with reg.exe; /f overwrites an existing value without prompting. $registryPath is
:: assigned but never read - the key path is repeated literally in the reg add call.
:: Review note: the registry value name (PurgeItemsAfterDelay) differs from the cmdlet parameter
:: used in the preceding command (ScanPurgeItemsAfterDelay); search for both names when hunting.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'PurgeItemsAfterDelay' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------Maximize days until mandatory catch-up scan--------
:: ----------------------------------------------------------
echo --- Maximize days until mandatory catch-up scan
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!MissedScheduledScanCountBeforeCatchup"
:: Writes the policy value MissedScheduledScanCountBeforeCatchup = 20 (REG_DWORD) under the
:: Defender "Scan" policy key with reg.exe; /f overwrites an existing value without prompting.
:: $registryPath is assigned but never read - the key path is repeated literally in the reg add
:: call.
:: Review note: the section title presents 20 as the maximum; a host with this value can miss
:: many scheduled scans before a catch-up scan is forced. It is set by policy only in this
:: section, so the registry value is the artefact to look for.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '20'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'MissedScheduledScanCountBeforeCatchup' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------------Disable catch-up full scans----------------
:: ----------------------------------------------------------
echo --- Disable catch-up full scans
:: Sets the Defender preference DisableCatchupFullScan to $True through Set-MpPreference.
:: Exits 0 without changes if Get-MpPreference already reports that value, if Set-MpPreference
:: is not found, or if it exposes no -DisableCatchupFullScan parameter. Otherwise the setting is
:: applied twice: through Invoke-Expression on a string built from the resolved command name
:: and the property name set in this line, then by a direct Set-MpPreference call.
:: Error 0x800106ba (WinDefend not running) and "Cannot convert" errors end with exit 0; any
:: other failure is reported with Write-Error and exit 1.
:: Review note: with catch-up scans off, a scheduled full scan that was missed is not made up
:: later. Defender normally records the change as event 5007 in its Operational log.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableCatchupFullScan'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableCatchupFullScan $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableCatchupFullScan"
:: Writes the policy value DisableCatchupFullScan = 1 (REG_DWORD) under the Defender "Scan"
:: policy key with reg.exe; /f overwrites an existing value without prompting. $registryPath is
:: assigned but never read - the key path is repeated literally in the reg add call.
:: Review note: this is the policy-key counterpart of the Set-MpPreference call in the preceding
:: command; deleting the value returns the policy to its not-configured state.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'DisableCatchupFullScan' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------------Disable catch-up quick scans---------------
:: ----------------------------------------------------------
echo --- Disable catch-up quick scans
:: Sets the Defender preference DisableCatchupQuickScan to $True through Set-MpPreference.
:: Exits 0 without changes if Get-MpPreference already reports that value, if Set-MpPreference
:: is not found, or if it exposes no -DisableCatchupQuickScan parameter. Otherwise the setting
:: is applied twice: through Invoke-Expression on a string built from the resolved command name
:: and the property name set in this line, then by a direct Set-MpPreference call.
:: Error 0x800106ba (WinDefend not running) and "Cannot convert" errors end with exit 0; any
:: other failure is reported with Write-Error and exit 1.
:: Review note: with catch-up scans off, a scheduled quick scan that was missed is not made up
:: later. PowerShell script block logging (4104) captures this one-liner, and Defender normally
:: records the change as event 5007.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableCatchupQuickScan'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableCatchupQuickScan $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableCatchupQuickScan"
:: Writes the policy value DisableCatchupQuickScan = 1 (REG_DWORD) under the Defender "Scan"
:: policy key with reg.exe; /f overwrites an existing value without prompting. $registryPath is
:: assigned but never read - the key path is repeated literally in the reg add call.
:: Review note: this is the policy-key counterpart of the Set-MpPreference call in the preceding
:: command; deleting the value returns the policy to its not-configured state.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'DisableCatchupQuickScan' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------------Disable scan heuristics------------------
:: ----------------------------------------------------------
echo --- Disable scan heuristics
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableHeuristics"
:: Writes the policy value DisableHeuristics = 1 (REG_DWORD) under the Defender "Scan" policy
:: key with reg.exe; /f overwrites an existing value without prompting. $registryPath is
:: assigned but never read - the key path is repeated literally in the reg add call.
:: Review note: heuristics are turned off by policy only in this section (no Set-MpPreference
:: call), so the registry value and the reg.exe command line are the artefacts to look for;
:: Sysmon value-set events (ID 13) or registry auditing on the policy key record the write.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'DisableHeuristics' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Disable scanning when not idle--------------
:: ----------------------------------------------------------
echo --- Disable scanning when not idle
:: Sets the Defender preference ScanOnlyIfIdleEnabled to $True through Set-MpPreference.
:: Exits 0 without changes if Get-MpPreference already reports that value, if Set-MpPreference
:: is not found, or if it exposes no -ScanOnlyIfIdleEnabled parameter. Otherwise the setting is
:: applied twice: through Invoke-Expression on a string built from the resolved command name
:: and the property name set in this line, then by a direct Set-MpPreference call.
:: Error 0x800106ba (WinDefend not running) and "Cannot convert" errors end with exit 0; any
:: other failure is reported with Write-Error and exit 1.
:: Review note: unlike the Disable* settings, this one is switched on; per the section title it
:: restricts scanning to idle time, so a host that is rarely idle may seldom complete a scan.
:: Defender normally records the change as event 5007.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'ScanOnlyIfIdleEnabled'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -ScanOnlyIfIdleEnabled $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScanOnlyIfIdle"
:: Writes the policy value ScanOnlyIfIdle = 1 (REG_DWORD) under the Defender "Scan" policy key
:: with reg.exe; /f overwrites an existing value without prompting. $registryPath is assigned
:: but never read - the key path is repeated literally in the reg add call.
:: Review note: the registry value name (ScanOnlyIfIdle) differs from the cmdlet parameter used
:: in the preceding command (ScanOnlyIfIdleEnabled); search for both names when hunting.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'ScanOnlyIfIdle' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------Disable scheduled anti-malware scanner (MRT)-------
:: ----------------------------------------------------------
echo --- Disable scheduled anti-malware scanner (MRT)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\MRT!DontOfferThroughWUAU"
:: Writes the policy value DontOfferThroughWUAU = 1 (REG_DWORD) under
:: HKLM\SOFTWARE\Policies\Microsoft\MRT with reg.exe; /f overwrites an existing value without
:: prompting. $registryPath is assigned but never read - the key path is repeated literally in
:: the reg add call.
:: Review note: this key belongs to the Malicious Software Removal Tool, not to Defender, so
:: Defender's own configuration-change logging is unlikely to cover it - TODO confirm. Microsoft
:: documents the value as stopping the tool from being offered through Windows Update; watch the
:: key with registry auditing or Sysmon value-set events (ID 13).
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\MRT'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\MRT' /v 'DontOfferThroughWUAU' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------------Disable e-mail scanning------------------
:: ----------------------------------------------------------
echo --- Disable e-mail scanning
:: Sets the Defender preference DisableEmailScanning to $True through Set-MpPreference.
:: Exits 0 without changes if Get-MpPreference already reports that value, if Set-MpPreference
:: is not found, or if it exposes no -DisableEmailScanning parameter. Otherwise the setting is
:: applied twice: through Invoke-Expression on a string built from the resolved command name
:: and the property name set in this line, then by a direct Set-MpPreference call.
:: Error 0x800106ba (WinDefend not running) and "Cannot convert" errors end with exit 0; any
:: other failure is reported with Write-Error and exit 1.
:: Review note: Defender normally records this preference change as event 5007 in its
:: Operational log; process-creation logging with command lines also shows the Set-MpPreference
:: invocation.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableEmailScanning'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableEmailScanning $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableEmailScanning"
:: Writes the policy value DisableEmailScanning = 1 (REG_DWORD) under the Defender "Scan" policy
:: key with reg.exe; /f overwrites an existing value without prompting. $registryPath is
:: assigned but never read - the key path is repeated literally in the reg add call.
:: Review note: this is the policy-key counterpart of the Set-MpPreference call in the preceding
:: command; deleting the value returns the policy to its not-configured state.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'DisableEmailScanning' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------------Disable script scanning------------------
:: ----------------------------------------------------------
echo --- Disable script scanning
:: Sets the Defender preference DisableScriptScanning to $True through Set-MpPreference.
:: Exits 0 without changes if Get-MpPreference already reports that value, if Set-MpPreference
:: is not found, or if it exposes no -DisableScriptScanning parameter. Otherwise the setting is
:: applied twice: through Invoke-Expression on a string built from the resolved command name
:: and the property name set in this line, then by a direct Set-MpPreference call.
:: Error 0x800106ba (WinDefend not running) and "Cannot convert" errors end with exit 0; any
:: other failure is reported with Write-Error and exit 1.
:: Review note: no policy registry write accompanies this setting in the section, so the
:: preference (Get-MpPreference) is the only place to verify it. Defender normally records the
:: change as event 5007, and PowerShell script block logging (4104) captures this one-liner.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableScriptScanning'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableScriptScanning $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Disable reparse point scanning--------------
:: ----------------------------------------------------------
echo --- Disable reparse point scanning
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableReparsePointScanning"
:: Writes the policy value DisableReparsePointScanning = 1 (REG_DWORD) under the Defender "Scan"
:: policy key with reg.exe; /f overwrites an existing value without prompting. $registryPath is
:: assigned but never read - the key path is repeated literally in the reg add call.
:: Review note: set by policy only in this section (no Set-MpPreference call); registry auditing
:: or Sysmon value-set events (ID 13) on the policy key record the write, and deleting the value
:: returns the policy to its not-configured state.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'DisableReparsePointScanning' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -Disable scanning mapped network drives during full scan--
:: ----------------------------------------------------------
echo --- Disable scanning mapped network drives during full scan
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableScanningMappedNetworkDrivesForFullScan"
:: Writes the policy value DisableScanningMappedNetworkDrivesForFullScan = 1 (REG_DWORD) under
:: the Defender "Scan" policy key with reg.exe; /f overwrites an existing value without
:: prompting. $registryPath is assigned but never read - the key path is repeated literally in
:: the reg add call.
:: Review note: in this section the registry write comes before the Set-MpPreference call, the
:: reverse of the earlier sections; both the policy value and the preference need checking when
:: auditing a host.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'DisableScanningMappedNetworkDrivesForFullScan' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Sets the Defender preference DisableScanningMappedNetworkDrivesForFullScan to $True through
:: Set-MpPreference.
:: Exits 0 without changes if Get-MpPreference already reports that value, if Set-MpPreference
:: is not found, or if it exposes no -DisableScanningMappedNetworkDrivesForFullScan parameter.
:: Otherwise the setting is applied twice: through Invoke-Expression on a string built from the
:: resolved command name and the property name set in this line, then by a direct
:: Set-MpPreference call.
:: Error 0x800106ba (WinDefend not running) and "Cannot convert" errors end with exit 0; any
:: other failure is reported with Write-Error and exit 1.
:: Review note: mapped drives are then left out of full scans, so content on file shares relies
:: on scanning at the server side. Defender normally records the change as event 5007.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableScanningMappedNetworkDrivesForFullScan'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableScanningMappedNetworkDrivesForFullScan $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Disable network file scanning---------------
:: ----------------------------------------------------------
echo --- Disable network file scanning
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableScanningNetworkFiles"
:: Writes the policy value DisableScanningNetworkFiles = 1 (REG_DWORD) under the Defender "Scan"
:: policy key with reg.exe; /f overwrites an existing value without prompting. $registryPath is
:: assigned but never read - the key path is repeated literally in the reg add call.
:: Review note: the Set-MpPreference call for the same setting follows this command; deleting
:: the value returns the policy to its not-configured state but leaves the preference as set.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'DisableScanningNetworkFiles' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Sets the Defender preference DisableScanningNetworkFiles to $True through Set-MpPreference.
:: Exits 0 without changes if Get-MpPreference already reports that value, if Set-MpPreference
:: is not found, or if it exposes no -DisableScanningNetworkFiles parameter. Otherwise the
:: setting is applied twice: through Invoke-Expression on a string built from the resolved
:: command name and the property name set in this line, then by a direct Set-MpPreference call.
:: Error 0x800106ba (WinDefend not running) and "Cannot convert" errors end with exit 0; any
:: other failure is reported with Write-Error and exit 1.
:: Review note: files reached over the network are then not scanned by this host. Defender
:: normally records the change as event 5007, and PowerShell script block logging (4104)
:: captures this one-liner.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableScanningNetworkFiles'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableScanningNetworkFiles $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------Disable scanning packed executables------------
:: ----------------------------------------------------------
echo --- Disable scanning packed executables
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisablePackedExeScanning"
:: Writes the policy value DisablePackedExeScanning = 1 (REG_DWORD) under the Defender "Scan"
:: policy key with reg.exe; /f overwrites an existing value without prompting. $registryPath is
:: assigned but never read - the key path is repeated literally in the reg add call.
:: Review note: set by policy only in this section (no Set-MpPreference call), so the registry
:: value and the reg.exe command line are the artefacts to look for; deleting the value returns
:: the policy to its not-configured state.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'DisablePackedExeScanning' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------------Disable scanning removable drives-------------
:: ----------------------------------------------------------
echo --- Disable scanning removable drives
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableRemovableDriveScanning"
:: Writes the policy value DisableRemovableDriveScanning = 1 (REG_DWORD) under the Defender
:: "Scan" policy key with reg.exe; /f overwrites an existing value without prompting.
:: $registryPath is assigned but never read - the key path is repeated literally in the reg add
:: call.
:: Review note: the Set-MpPreference call for the same setting follows this command; deleting
:: the value returns the policy to its not-configured state but leaves the preference as set.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'DisableRemovableDriveScanning' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Sets the Defender preference DisableRemovableDriveScanning to $True through Set-MpPreference.
:: Exits 0 without changes if Get-MpPreference already reports that value, if Set-MpPreference
:: is not found, or if it exposes no -DisableRemovableDriveScanning parameter. Otherwise the
:: setting is applied twice: through Invoke-Expression on a string built from the resolved
:: command name and the property name set in this line, then by a direct Set-MpPreference call.
:: Error 0x800106ba (WinDefend not running) and "Cannot convert" errors end with exit 0; any
:: other failure is reported with Write-Error and exit 1.
:: Review note: removable drives are then left out of scans, so where USB media is a concern
:: pair this finding with device-control policy review. Defender normally records the change
:: as event 5007 in its Operational log.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableRemovableDriveScanning'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableRemovableDriveScanning $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------------Disable scheduled scans------------------
:: ----------------------------------------------------------
echo --- Disable scheduled scans
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleDay"
:: Writes the machine-wide policy value ScheduleDay = 8 (REG_DWORD) using reg add with /f, overwriting any
:: existing value without prompting. Per the section title, 8 is used here to mean "no scheduled scan day".
:: $registryPath is assigned but never used; the key path is repeated literally in the reg call.
:: NOTE(review): with scheduled scans off, dormant malware is only found by on-access or manual scans.
:: Unmanaged writes to this policy key are worth alerting on; Defender configuration changes are expected
:: to surface as event ID 5007 in the Microsoft-Windows-Windows Defender/Operational log - confirm on the
:: target build.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '8'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'ScheduleDay' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Applies the same setting through the Defender cmdlets (ScanScheduleDay = '8'). Flow of the one-liner:
::   1. exit 0 if Get-MpPreference already reports ScanScheduleDay equal to '8';
::   2. exit 0 with a message if Set-MpPreference is missing or has no such parameter;
::   3. otherwise set the preference, exit 0 on success.
:: Error handling: an error id containing 0x800106ba (reported by the script as the WinDefend service not
:: running) and "Cannot convert" errors both exit 0; any other failure exits 1.
:: NOTE(review): every "skipping" path returns 0, so a caller cannot tell "applied" from "not applied"
:: by exit code alone.
:: NOTE(review): the value is set twice - once via Invoke-Expression on a constructed command string and
:: once by the direct Set-MpPreference call. All inputs are constants here, so the Invoke-Expression is
:: redundant; it would become an injection point if $propertyName or $value were ever caller-supplied.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'ScanScheduleDay'; $value = '8'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -ScanScheduleDay $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------Disable randomizing scheduled task times---------
:: ----------------------------------------------------------
echo --- Disable randomizing scheduled task times
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender!RandomizeScheduleTaskTimes"
:: Writes the machine-wide policy value RandomizeScheduleTaskTimes = 0 (REG_DWORD) using reg add with /f,
:: overwriting any existing value without prompting. Note the key is the Windows Defender policy root,
:: not the \Scan subkey used by the neighbouring sections.
:: $registryPath is assigned but never used; the key path is repeated literally in the reg call.
:: NOTE(review): presumably this makes scheduled Defender task start times predictable rather than
:: staggered - confirm against the policy documentation. Unmanaged writes to this policy key are worth
:: alerting on.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender' /v 'RandomizeScheduleTaskTimes' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Applies the same setting through the Defender cmdlets (RandomizeScheduleTaskTimes = $False). Flow:
::   1. exit 0 if Get-MpPreference already reports RandomizeScheduleTaskTimes as $False;
::   2. exit 0 with a message if Set-MpPreference is missing or has no such parameter;
::   3. otherwise set the preference, exit 0 on success.
:: Error handling: an error id containing 0x800106ba (reported by the script as the WinDefend service not
:: running) and "Cannot convert" errors both exit 0; any other failure exits 1.
:: NOTE(review): every "skipping" path returns 0, so a caller cannot tell "applied" from "not applied"
:: by exit code alone.
:: NOTE(review): the value is set twice - once via Invoke-Expression on a constructed command string and
:: once by the direct Set-MpPreference call. All inputs are constants here, so the Invoke-Expression is
:: redundant; it would become an injection point if $propertyName or $value were ever caller-supplied.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'RandomizeScheduleTaskTimes'; $value = $False; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -RandomizeScheduleTaskTimes $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------------Disable scheduled full-scans---------------
:: ----------------------------------------------------------
echo --- Disable scheduled full-scans
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScanParameters"
:: Writes the machine-wide policy value ScanParameters = 1 (REG_DWORD) using reg add with /f, overwriting
:: any existing value without prompting. Per the section title, 1 selects a scan type other than a full
:: scan for scheduled scans.
:: $registryPath is assigned but never used; the key path is repeated literally in the reg call.
:: NOTE(review): without scheduled full scans, files outside the quick-scan locations are only checked
:: on access or by a manual scan. Unmanaged writes to this policy key are worth alerting on; Defender
:: configuration changes are expected to surface as event ID 5007 in the
:: Microsoft-Windows-Windows Defender/Operational log - confirm on the target build.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'ScanParameters' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Applies the same setting through the Defender cmdlets (ScanParameters = '1'). Flow of the one-liner:
::   1. exit 0 if Get-MpPreference already reports ScanParameters equal to '1';
::   2. exit 0 with a message if Set-MpPreference is missing or has no such parameter;
::   3. otherwise set the preference, exit 0 on success.
:: Error handling: an error id containing 0x800106ba (reported by the script as the WinDefend service not
:: running) and "Cannot convert" errors both exit 0; any other failure exits 1.
:: NOTE(review): every "skipping" path returns 0, so a caller cannot tell "applied" from "not applied"
:: by exit code alone.
:: NOTE(review): the value is set twice - once via Invoke-Expression on a constructed command string and
:: once by the direct Set-MpPreference call. All inputs are constants here, so the Invoke-Expression is
:: redundant; it would become an injection point if $propertyName or $value were ever caller-supplied.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'ScanParameters'; $value = '1'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -ScanParameters $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------Minimize daily quick scan frequency------------
:: ----------------------------------------------------------
echo --- Minimize daily quick scan frequency
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!QuickScanInterval"
:: Writes the machine-wide policy value QuickScanInterval = 24 (REG_DWORD) using reg add with /f,
:: overwriting any existing value without prompting. Unlike the neighbouring sections, there is no
:: matching Set-MpPreference call here; only the policy registry value is written.
:: $registryPath is assigned but never used; the key path is repeated literally in the reg call.
:: NOTE(review): presumably the unit is hours between quick scans, making 24 the least frequent daily
:: setting - confirm against the policy documentation. Unmanaged writes to this policy key are worth
:: alerting on.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '24'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'QuickScanInterval' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable scanning after security intelligence (signature) update
echo --- Disable scanning after security intelligence (signature) update
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DisableScanOnUpdate"
:: Writes the machine-wide policy value DisableScanOnUpdate = 1 (REG_DWORD) under the
:: "Signature Updates" policy key using reg add with /f, overwriting any existing value without prompting.
:: Only the policy registry value is written; there is no matching Set-MpPreference call in this section.
:: $registryPath is assigned but never used; the key path is repeated literally in the reg call.
:: NOTE(review): per the section title this stops the scan that follows a security intelligence update,
:: so content already on disk is not re-checked against newly delivered signatures until another scan
:: runs. Unmanaged writes to this policy key are worth alerting on.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates' /v 'DisableScanOnUpdate' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------Disable Defender Antivirus AMSI provider---------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus AMSI provider
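:: Soft-delete the registry key: HKLM\SOFTWARE\Microsoft\AMSI\Providers\{2781761E-28E0-4109-99FE-B9D127C57AFE}
:: "Soft-delete" here means rename, not removal: each value and then the key itself is given a ".OLD"
:: suffix (the key by copy, ACL copy, then delete of the original), so the registration stays in the
:: registry under the new name.
:: NOTE(review): once this provider entry is renamed, AMSI-aware hosts presumably no longer hand content
:: to Defender for scanning. Treat renames or deletions under HKLM\SOFTWARE\Microsoft\AMSI\Providers as a
:: tamper indicator and monitor that key.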
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKLM\SOFTWARE\Microsoft\AMSI\Providers\{2781761E-28E0-4109-99FE-B9D127C57AFE}'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 'Successfully 
renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
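:: Soft-delete the registry key: HKLM\SOFTWARE\WOW6432Node\Microsoft\AMSI\Providers\{2781761E-28E0-4109-99FE-B9D127C57AFE}
:: Same rename-with-".OLD"-suffix procedure as for the native key, applied to the WOW6432Node
:: (32-bit view) copy of the provider registration.
:: NOTE(review): monitoring of the AMSI provider list should cover this WOW6432Node path as well as the
:: native one; a rename here is a tamper indicator.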
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKLM\SOFTWARE\WOW6432Node\Microsoft\AMSI\Providers\{2781761E-28E0-4109-99FE-B9D127C57AFE}'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 
'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
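:: Soft-delete the registry key: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Validation\{2781761E-28E0-4109-99FE-B9D127C57AFE}
:: Same rename-with-".OLD"-suffix procedure, applied to the entry with the same GUID under the
:: Internet Explorer "Extension Validation" key.
:: NOTE(review): the exact effect of this entry is not shown here - verify before relying on it. A rename
:: of a key carrying the Defender provider GUID is still worth flagging as configuration tampering.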
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Validation\{2781761E-28E0-4109-99FE-B9D127C57AFE}'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; 
Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
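:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE} as TrustedInstaller
:: The rename script is written to a temporary .ps1 file and run through a one-off scheduled task named
:: "privacy.sexy invoke" under the TrustedInstaller service SID; the task and the temporary files are
:: deleted afterwards, and the wait for the task gives up after five minutes.
:: NOTE(review): for detection, a short-lived scheduled task that starts powershell.exe with
:: -ExecutionPolicy Bypass as TrustedInstaller is a strong signal. Task-creation auditing (Security event
:: 4698, where enabled) should record it even though the task is removed again.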
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
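:: Soft-delete the registry key: HKLM\Software\Classes\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE} as TrustedInstaller
:: Same procedure as for the native CLSID key, applied to the WOW6432Node (32-bit view) copy: the rename
:: script is written to a temporary .ps1 file and run through a one-off scheduled task named
:: "privacy.sexy invoke" under the TrustedInstaller service SID, then the task and files are deleted.
:: NOTE(review): for detection, watch for the short-lived scheduled task (Security event 4698, where
:: task-creation auditing is enabled) and for renames of CLSID keys carrying this GUID.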
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\MpOav.dll"  as TrustedInstaller
:: Renames the Defender file MpOav.dll to MpOav.dll.OLD from a task run under the TrustedInstaller SID.
:: Invoke-AsTrustedInstaller writes the payload held in $cmd to a temporary .ps1 file, deletes any
:: existing scheduled task named "privacy.sexy invoke", registers a new one, starts it through
:: Schedule.Service RunEx as the account the SID S-1-5-80-956008885-... translates to, polls
:: LastTaskResult every 200 ms while it equals 267009 (0x41301, task still running) for at most
:: 5 minutes, prints the captured output, and deletes the task and both temporary files in finally blocks.
:: The payload resolves the pattern with Get-Item, skips folders and names already ending in .OLD,
:: and moves every other match to the same path plus .OLD using Move-Item -Force.
:: NOTE(review): $revert is never assigned in this command, so only the rename-to-.OLD branch runs.
:: NOTE(review): the "not found" branch inside the foreach calls exit 0, which ends the payload
:: instead of moving on to the next match; continue looks intended - confirm against the generator.
:: NOTE(review): a non-zero task result only produces Write-Error and no errorlevel check follows this
:: line, so the batch file appears to carry on after a failed rename - verify the outcome separately.
:: NOTE(review): the payload .ps1 sits in the caller's temp directory until the elevated task reads it
:: and is not ACL-restricted or hash-checked in between; presumably tolerated because the caller is
:: already an administrator - confirm.
:: Traces to look for afterwards: the transient task name above and the .OLD file beside the original.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\MpOav.dll"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE} as TrustedInstaller
:: Soft-deletes HKLM\Software\Classes\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE} by renaming, from a
:: scheduled task ("privacy.sexy invoke") that Invoke-AsTrustedInstaller starts under the account the
:: SID S-1-5-80-956008885-... translates to; the payload in $cmd is written to a temporary .ps1 first,
:: and the task plus both temporary files are removed in finally blocks.
:: Rename-KeyTree renames every value of a key to name + .OLD, recurses into subkeys, then renames the
:: key itself: Rename-KeyWithAcl copies it to path + .OLD (more .OLD is appended while that path
:: exists), copies the ACL without the Owner section, and removes the original; if removal fails the
:: copy is removed again and the error is rethrown.
:: $global:ok, $global:skip and $global:fail count outcomes; the payload throws only when every item failed.
:: NOTE(review): a failed Copy-Acl is only a warning, so the .OLD copy may carry different permissions
:: than the original key - worth checking before relying on it as a backup.
:: NOTE(review): Rename-KeyWithAcl has no [CmdletBinding()], so the -ErrorAction Stop passed to it is
:: presumably not applied as a common parameter; errors reach the caller through its throw statements.
:: NOTE(review): no errorlevel check follows this line, so the batch file appears to continue on failure.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Validation\{2781761E-28E1-4109-99FE-B9D127C57AFE} 
:: Soft-deletes the key named in $rawPath below by renaming it, directly in this PowerShell process
:: (no scheduled task is used for this key).
:: Rename-KeyTree renames every value of a key to name + .OLD, recurses into subkeys, then renames the
:: key itself: Rename-KeyWithAcl copies it to path + .OLD (more .OLD is appended while that path
:: exists), copies the ACL without the Owner section, and removes the original; if removal fails the
:: copy is removed again and the error is rethrown.
:: $global:ok, $global:skip and $global:fail count outcomes; the command throws only when every item failed.
:: NOTE(review): a failed Copy-Acl is only a warning, so the .OLD copy may carry different permissions
:: than the original key - worth checking before relying on it as a backup.
:: NOTE(review): no errorlevel check follows this line, so the batch file appears to continue on failure.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Validation\{2781761E-28E1-4109-99FE-B9D127C57AFE}'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; 
Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: Soft-delete the registry key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2781761E-28E1-4109-99FE-B9D127C57AFE} 
:: Soft-deletes the per-user key named in $rawPath below by renaming it, directly in this PowerShell
:: process (no scheduled task is used for this key).
:: Rename-KeyTree renames every value of a key to name + .OLD, recurses into subkeys, then renames the
:: key itself: Rename-KeyWithAcl copies it to path + .OLD (more .OLD is appended while that path
:: exists), copies the ACL without the Owner section, and removes the original; if removal fails the
:: copy is removed again and the error is rethrown.
:: $global:ok, $global:skip and $global:fail count outcomes; the command throws only when every item failed.
:: NOTE(review): HKCU is resolved by the elevated process; if elevation was granted with a different
:: administrator account, this is presumably that account's hive and not the signed-in user's - confirm.
:: NOTE(review): a failed Copy-Acl is only a warning, so the .OLD copy may carry different permissions
:: than the original key - worth checking before relying on it as a backup.
:: NOTE(review): no errorlevel check follows this line, so the batch file appears to continue on failure.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2781761E-28E1-4109-99FE-B9D127C57AFE}'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 
'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------Disable Defender Antivirus UAC AMSI provider-------
:: ----------------------------------------------------------
:: Prints the section banner. The commands in this section rename (rather than delete) the registry
:: keys for {2781761E-28E2-4109-99FE-B9D127C57AFE} under AMSI\UacProviders and under CLSID.
:: NOTE(review): afterwards the Defender provider is presumably no longer consulted for UAC elevation
:: requests - treat this as a reduction in protection. The keys are kept under a .OLD name, which is
:: what a restore or an audit would look for.
echo --- Disable Defender Antivirus UAC AMSI provider
:: Soft-delete the registry key: HKLM\Software\Microsoft\AMSI\UacProviders\{2781761E-28E2-4109-99FE-B9D127C57AFE} 
:: Soft-deletes the AMSI\UacProviders key named in $rawPath below by renaming it, directly in this
:: PowerShell process (no scheduled task is used for this key).
:: Rename-KeyTree renames every value of a key to name + .OLD, recurses into subkeys, then renames the
:: key itself: Rename-KeyWithAcl copies it to path + .OLD (more .OLD is appended while that path
:: exists), copies the ACL without the Owner section, and removes the original; if removal fails the
:: copy is removed again and the error is rethrown.
:: $global:ok, $global:skip and $global:fail count outcomes; the command throws only when every item failed.
:: NOTE(review): a failed Copy-Acl is only a warning, so the .OLD copy may carry different permissions
:: than the original key - worth checking before relying on it as a backup.
:: NOTE(review): no errorlevel check follows this line, so the batch file appears to continue on failure.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKLM\Software\Microsoft\AMSI\UacProviders\{2781761E-28E2-4109-99FE-B9D127C57AFE}'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 'Successfully 
renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE} as TrustedInstaller
:: Soft-deletes HKLM\Software\Classes\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE} by renaming, from a
:: scheduled task ("privacy.sexy invoke") that Invoke-AsTrustedInstaller starts under the account the
:: SID S-1-5-80-956008885-... translates to; the payload in $cmd is written to a temporary .ps1 first,
:: and the task plus both temporary files are removed in finally blocks.
:: Rename-KeyTree renames every value of a key to name + .OLD, recurses into subkeys, then renames the
:: key itself: Rename-KeyWithAcl copies it to path + .OLD (more .OLD is appended while that path
:: exists), copies the ACL without the Owner section, and removes the original; if removal fails the
:: copy is removed again and the error is rethrown.
:: $global:ok, $global:skip and $global:fail count outcomes; the payload throws only when every item failed.
:: NOTE(review): a failed Copy-Acl is only a warning, so the .OLD copy may carry different permissions
:: than the original key - worth checking before relying on it as a backup.
:: NOTE(review): Rename-KeyWithAcl has no [CmdletBinding()], so the -ErrorAction Stop passed to it is
:: presumably not applied as a common parameter; errors reach the caller through its throw statements.
:: NOTE(review): no errorlevel check follows this line, so the batch file appears to continue on failure.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\Wow6432Node\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE} 
:: Soft-deletes the registry key held in $rawPath directly in this PowerShell session (no TrustedInstaller task):
:: nothing is removed outright, names receive the '.OLD' suffix instead.
:: Rename-KeyTree renames every value of a key, recurses into its subkeys, then renames the key itself.
:: Names that already end in '.OLD' are counted as skipped; an existing backup name gets the suffix appended again.
:: Rename-KeyWithAcl implements the key rename as copy, copy ACL (all sections except Owner), remove original.
:: If removing the original fails, the fresh copy is removed again and the error is rethrown.
:: A failed ACL copy is only a warning, so the renamed key can end up with different permissions than the source.
:: The script throws only when every processed item failed; partial failures are reported as warnings.
:: NOTE(review): Rename-KeyWithAcl is declared without CmdletBinding, so the -ErrorAction Stop passed to it is
:: presumably not honoured as a common parameter; errors propagate because the function itself throws.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKLM\Software\Classes\Wow6432Node\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE}'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 'Successfully 
renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: Soft-delete the registry key: HKLM\Software\Classes\AppID\{2781761E-28E2-4109-99FE-B9D127C57AFE} as TrustedInstaller
:: Soft-deletes the registry key held in $rawPath as TrustedInstaller: nothing is removed outright, names receive
:: the '.OLD' suffix instead.
:: Invoke-AsTrustedInstaller writes the inner script ($cmd) to a temp .ps1, registers a scheduled task named
:: "privacy.sexy invoke", starts it with RunEx under the account resolved from the SID S-1-5-80-956008885-...,
:: polls LastTaskResult while it equals 267009 (presumably the task-still-running status) for up to 5 minutes,
:: prints the captured output, and removes the task and both temp files in finally blocks.
:: Inner script: Rename-KeyTree renames every value, recurses into subkeys, then renames the key itself through
:: Rename-KeyWithAcl (copy, copy ACL without the Owner section, remove original). Names already ending in
:: '.OLD' are skipped; a failed ACL copy is only a warning, so the renamed key can end up with different permissions.
:: The inner script throws only when every processed item failed; partial failures are reported as warnings.
:: NOTE(review): the staged .ps1 comes from New-TemporaryFile and is executed with TrustedInstaller rights without
:: being re-verified; confirm the temp directory cannot be written by lower-privileged processes.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\AppID\{2781761E-28E2-4109-99FE-B9D127C57AFE}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\Wow6432Node\AppID\{2781761E-28E2-4109-99FE-B9D127C57AFE} as TrustedInstaller
:: Soft-deletes the registry key held in $rawPath as TrustedInstaller: nothing is removed outright, names receive
:: the '.OLD' suffix instead.
:: Invoke-AsTrustedInstaller stages the inner script ($cmd) in a temp .ps1, runs it through a scheduled task named
:: "privacy.sexy invoke" started with RunEx under the account resolved from the SID S-1-5-80-956008885-...,
:: waits up to 5 minutes while LastTaskResult equals 267009, prints the captured output, and removes the task
:: and both temp files in finally blocks.
:: Inner script: Rename-KeyTree renames values, recurses into subkeys, then renames the key via Rename-KeyWithAcl
:: (copy, copy ACL without the Owner section, remove original). A failed ACL copy is only a warning, so the
:: renamed key can end up with different permissions. The script throws only when every processed item failed.
:: NOTE(review): the staged .ps1 is executed with TrustedInstaller rights without being re-verified; confirm the
:: temp directory used by New-TemporaryFile cannot be written by lower-privileged processes.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\Wow6432Node\AppID\{2781761E-28E2-4109-99FE-B9D127C57AFE}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable Antimalware Scan Interface (AMSI) for current user
echo --- Disable Antimalware Scan Interface (AMSI) for current user
:: Set the registry value: "HKCU\Software\Microsoft\Windows Script\Settings!AmsiEnable"
:: Writes AmsiEnable = 0 (REG_DWORD) under the current user's Windows Script settings key with reg.exe;
:: /f overwrites an existing value without prompting.
:: $registryPath is assigned but never read: the key path is repeated literally in the reg add call.
:: NOTE(review): presumably this switches off AMSI content inspection for script hosts that honour this per-user
:: value, which removes a malware-inspection layer for this account. The value lives in HKCU, so no elevation
:: is needed to change it; monitoring should treat unexpected writes to it as a tamper signal.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\Software\Microsoft\Windows Script\Settings'; $data =  '0'; reg add 'HKCU\Software\Microsoft\Windows Script\Settings' /v 'AmsiEnable' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Minimize CPU usage during scans--------------
:: ----------------------------------------------------------
echo --- Minimize CPU usage during scans
:: Sets the Defender preference ScanAvgCPULoadFactor to '1' with Set-MpPreference.
:: Exits 0 without changing anything when the current value already matches, when Set-MpPreference is not
:: available, or when the cmdlet has no parameter of that name.
:: The value is applied twice: first through Invoke-Expression on a string built from $command.Name and
:: $propertyName (both fixed by this script, not external input), then by the direct Set-MpPreference call.
:: Errors matching 0x800106ba (reported here as the WinDefend service not running) or 'Cannot convert' are
:: downgraded to exit 0; any other error exits 1.
:: NOTE(review): presumably this caps the CPU share scans may use, lengthening scans rather than stopping them;
:: confirm the accepted range for this setting on the target build.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'ScanAvgCPULoadFactor'; $value = '1'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -ScanAvgCPULoadFactor $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!AvgCPULoadFactor"
:: Writes AvgCPULoadFactor = 1 (REG_DWORD) under the Defender Scan policy key in HKLM with reg.exe;
:: /f overwrites an existing value without prompting.
:: $registryPath is assigned but never read: the key path is repeated literally in the reg add call.
:: NOTE(review): the exit status of reg.exe is not checked, so a denied or reverted write goes unreported;
:: verify the effective setting afterwards instead of trusting the script output.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'AvgCPULoadFactor' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------Minimize CPU usage during idle scans-----------
:: ----------------------------------------------------------
echo --- Minimize CPU usage during idle scans
:: Sets the Defender preference DisableCpuThrottleOnIdleScans to $False with Set-MpPreference, i.e. the
:: "disable throttling" switch is turned off.
:: Exits 0 without changing anything when the current value already matches, when Set-MpPreference is not
:: available, or when the cmdlet has no parameter of that name.
:: The value is applied twice: first through Invoke-Expression on a string built from $command.Name and
:: $propertyName (both fixed by this script, not external input), then by the direct Set-MpPreference call.
:: Errors matching 0x800106ba (reported here as the WinDefend service not running) or 'Cannot convert' are
:: downgraded to exit 0; any other error exits 1.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableCpuThrottleOnIdleScans'; $value = $False; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableCpuThrottleOnIdleScans $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableCpuThrottleOnIdleScans"
:: Writes DisableCpuThrottleOnIdleScans = 0 (REG_DWORD) under the Defender Scan policy key in HKLM with reg.exe;
:: /f overwrites an existing value without prompting.
:: $registryPath is assigned but never read: the key path is repeated literally in the reg add call.
:: The exit status of reg.exe is not checked, so a failed write is visible only in the console output.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'DisableCpuThrottleOnIdleScans' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable Defender archive file scanning----------
:: ----------------------------------------------------------
echo --- Disable Defender archive file scanning
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableArchiveScanning"
:: Writes DisableArchiveScanning = 1 (REG_DWORD) under the Defender Scan policy key in HKLM with reg.exe;
:: /f overwrites an existing value without prompting.
:: $registryPath is assigned but never read: the key path is repeated literally in the reg add call.
:: NOTE(review): with archive scanning disabled, content packed inside archive files is presumably not inspected
:: until it is extracted; treat this as a reduction in Defender coverage and track the value in baseline checks.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'DisableArchiveScanning' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Sets the Defender preference DisableArchiveScanning to $True with Set-MpPreference.
:: Exits 0 without changing anything when the current value already matches, when Set-MpPreference is not
:: available, or when the cmdlet has no parameter of that name.
:: The value is applied twice: first through Invoke-Expression on a string built from $command.Name and
:: $propertyName (both fixed by this script, not external input), then by the direct Set-MpPreference call.
:: Errors matching 0x800106ba (reported here as the WinDefend service not running) or 'Cannot convert' are
:: downgraded to exit 0; any other error exits 1.
:: NOTE(review): this is a coverage reduction, not a performance tweak only; confirm the effective value with
:: Get-MpPreference, since the script reports success based on the cmdlet not throwing.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'DisableArchiveScanning'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -DisableArchiveScanning $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------Minimize scanning depth of archive files---------
:: ----------------------------------------------------------
echo --- Minimize scanning depth of archive files
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ArchiveMaxDepth"
:: Writes ArchiveMaxDepth = 0 (REG_DWORD) under the Defender Scan policy key in HKLM with reg.exe;
:: /f overwrites an existing value without prompting.
:: $registryPath is assigned but never read: the key path is repeated literally in the reg add call.
:: NOTE(review): presumably 0 is the lowest nesting depth Defender will unpack; confirm how the engine interprets
:: 0 for this policy, because nested archives beyond the limit would go uninspected.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'ArchiveMaxDepth' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Minimize file size for scanning archive files-------
:: ----------------------------------------------------------
echo --- Minimize file size for scanning archive files
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ArchiveMaxSize"
:: Writes ArchiveMaxSize = 1 (REG_DWORD) under the Defender Scan policy key in HKLM with reg.exe;
:: /f overwrites an existing value without prompting.
:: $registryPath is assigned but never read: the key path is repeated literally in the reg add call.
:: NOTE(review): the unit of this value is not visible here; presumably archives larger than the limit are
:: skipped by the scanner, so confirm the unit and treat the change as a reduction in scan coverage.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Scan' /v 'ArchiveMaxSize' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable Defender Antivirus remote configuration------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus remote configuration
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{195B4D07-3DE2-4744-BBF2-D90121AE785B} as TrustedInstaller
:: Soft-deletes the registry key held in $rawPath as TrustedInstaller: nothing is removed outright, names receive
:: the '.OLD' suffix instead, so the change can be undone by renaming back.
:: Invoke-AsTrustedInstaller stages the inner script ($cmd) in a temp .ps1, runs it through a scheduled task named
:: "privacy.sexy invoke" started with RunEx under the account resolved from the SID S-1-5-80-956008885-...,
:: waits up to 5 minutes while LastTaskResult equals 267009, prints the captured output, and removes the task
:: and both temp files in finally blocks.
:: Inner script: Rename-KeyTree renames values, recurses into subkeys, then renames the key via Rename-KeyWithAcl
:: (copy, copy ACL without the Owner section, remove original). A failed ACL copy is only a warning, so the
:: renamed key can end up with different permissions. The script throws only when every processed item failed.
:: NOTE(review): the staged .ps1 is executed with TrustedInstaller rights without being re-verified; confirm the
:: temp directory used by New-TemporaryFile cannot be written by lower-privileged processes.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{195B4D07-3DE2-4744-BBF2-D90121AE785B}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\DefenderCSP.dll" as TrustedInstaller
:: Runs a file-rename payload under the TrustedInstaller service identity.
:: Helper Invoke-AsTrustedInstaller, as written in the command below:
::   - translates the hard-coded service SID to an account name;
::   - writes the payload text to a temporary file renamed to .ps1;
::   - registers a scheduled task named "privacy.sexy invoke" whose action is
::     powershell.exe -ExecutionPolicy Bypass running that file, with all
::     output streams captured in a second temporary file;
::   - starts the task through the Schedule.Service COM object (RunEx) as the
::     translated account;
::   - polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task
::     still running), giving up after 5 minutes; any non-zero final result,
::     including the timeout case, is reported with Write-Error;
::   - deletes the task, prints the captured output, removes both temp files.
:: Payload:
::   - expands the path pattern and collects matching items (not-found errors
::     are swallowed on purpose, see the inline PowerShell comment);
::   - skips folders and names that already end in ".OLD";
::   - moves every remaining file to the same name plus ".OLD" (Move-Item -Force).
::   - $revert is tested but never assigned inside this payload, so only the
::     rename-to-.OLD branch runs; the file content stays on disk.
:: NOTE(review): "exit 0" in the "not found" branch ends the whole payload from
:: inside the loop, so the summary lines are not printed in that case.
:: NOTE(review): -Force on Move-Item presumably replaces an existing .OLD file
:: of the same name; verify before relying on .OLD as the only backup.
:: NOTE(review): the payload is staged as a temp file and then executed under
:: the TrustedInstaller identity; confirm that only administrators can write to
:: the temp directory in use.
:: Audit trail visible from this line: the scheduled-task name, a powershell.exe
:: child started with -ExecutionPolicy Bypass, and the ".OLD" file name.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\DefenderCSP.dll"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Disable Defender Antivirus remote commands--------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus remote commands
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{361290c0-cb1b-49ae-9f3e-ba1cbe5dab35} as TrustedInstaller
:: Runs a registry-rename payload under the TrustedInstaller service identity.
:: Helper Invoke-AsTrustedInstaller, as written in the command below:
::   - translates the hard-coded service SID to an account name;
::   - writes the payload text to a temporary file renamed to .ps1;
::   - registers a scheduled task named "privacy.sexy invoke" whose action is
::     powershell.exe -ExecutionPolicy Bypass running that file, with all
::     output streams captured in a second temporary file;
::   - starts the task through the Schedule.Service COM object (RunEx) as the
::     translated account;
::   - polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task
::     still running), giving up after 5 minutes; any non-zero final result,
::     including the timeout case, is reported with Write-Error;
::   - deletes the task, prints the captured output, removes both temp files.
:: Payload:
::   - turns the raw path into a PowerShell registry path by inserting a colon
::     after the hive name;
::   - Rename-KeyTree: a missing key counts as one skip and returns; otherwise
::     every value is renamed to its name plus ".OLD", each subkey is handled
::     recursively, and finally the key itself is renamed to its path plus
::     ".OLD" (more ".OLD" suffixes are appended while that name is taken);
::   - Rename-KeyWithAcl performs the key rename as copy, ACL copy, delete;
::     a failed delete removes the fresh copy again and throws;
::   - Copy-Acl copies all security-descriptor sections except Owner, subkeys
::     before the key itself;
::   - the summary throws only when every counted item failed.
:: Nothing is erased: the original data stays in the registry under ".OLD" names.
:: NOTE(review): a failed ACL copy only raises a warning, so the ".OLD" copy may
:: keep whatever ACL Copy-Item gave it instead of the source ACL; confirm the
:: resulting permissions are acceptable.
:: NOTE(review): which component this CLSID registers is not visible here; the
:: section title is the only description given.
:: NOTE(review): the payload is staged as a temp file and then executed under
:: the TrustedInstaller identity; confirm that only administrators can write to
:: the temp directory in use.
:: Audit trail visible from this line: the scheduled-task name, a powershell.exe
:: child started with -ExecutionPolicy Bypass, and key or value names ending
:: in ".OLD".
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{361290c0-cb1b-49ae-9f3e-ba1cbe5dab35}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{8a696d12-576b-422e-9712-01b9dd84b446} as TrustedInstaller
:: Runs a registry-rename payload under the TrustedInstaller service identity.
:: Helper Invoke-AsTrustedInstaller, as written in the command below:
::   - translates the hard-coded service SID to an account name;
::   - writes the payload text to a temporary file renamed to .ps1;
::   - registers a scheduled task named "privacy.sexy invoke" whose action is
::     powershell.exe -ExecutionPolicy Bypass running that file, with all
::     output streams captured in a second temporary file;
::   - starts the task through the Schedule.Service COM object (RunEx) as the
::     translated account;
::   - polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task
::     still running), giving up after 5 minutes; any non-zero final result,
::     including the timeout case, is reported with Write-Error;
::   - deletes the task, prints the captured output, removes both temp files.
:: Payload:
::   - turns the raw path into a PowerShell registry path by inserting a colon
::     after the hive name;
::   - Rename-KeyTree: a missing key counts as one skip and returns; otherwise
::     every value is renamed to its name plus ".OLD", each subkey is handled
::     recursively, and finally the key itself is renamed to its path plus
::     ".OLD" (more ".OLD" suffixes are appended while that name is taken);
::   - Rename-KeyWithAcl performs the key rename as copy, ACL copy, delete;
::     a failed delete removes the fresh copy again and throws;
::   - Copy-Acl copies all security-descriptor sections except Owner, subkeys
::     before the key itself;
::   - the summary throws only when every counted item failed.
:: Nothing is erased: the original data stays in the registry under ".OLD" names.
:: NOTE(review): a failed ACL copy only raises a warning, so the ".OLD" copy may
:: keep whatever ACL Copy-Item gave it instead of the source ACL; confirm the
:: resulting permissions are acceptable.
:: NOTE(review): which component this CLSID registers is not visible here; the
:: section title is the only description given.
:: NOTE(review): the payload is staged as a temp file and then executed under
:: the TrustedInstaller identity; confirm that only administrators can write to
:: the temp directory in use.
:: Audit trail visible from this line: the scheduled-task name, a powershell.exe
:: child started with -ExecutionPolicy Bypass, and key or value names ending
:: in ".OLD".
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{8a696d12-576b-422e-9712-01b9dd84b446}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{DACA056E-216A-4FD1-84A6-C306A017ECEC} as TrustedInstaller
:: Runs a registry-rename payload under the TrustedInstaller service identity.
:: Helper Invoke-AsTrustedInstaller, as written in the command below:
::   - translates the hard-coded service SID to an account name;
::   - writes the payload text to a temporary file renamed to .ps1;
::   - registers a scheduled task named "privacy.sexy invoke" whose action is
::     powershell.exe -ExecutionPolicy Bypass running that file, with all
::     output streams captured in a second temporary file;
::   - starts the task through the Schedule.Service COM object (RunEx) as the
::     translated account;
::   - polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task
::     still running), giving up after 5 minutes; any non-zero final result,
::     including the timeout case, is reported with Write-Error;
::   - deletes the task, prints the captured output, removes both temp files.
:: Payload:
::   - turns the raw path into a PowerShell registry path by inserting a colon
::     after the hive name;
::   - Rename-KeyTree: a missing key counts as one skip and returns; otherwise
::     every value is renamed to its name plus ".OLD", each subkey is handled
::     recursively, and finally the key itself is renamed to its path plus
::     ".OLD" (more ".OLD" suffixes are appended while that name is taken);
::   - Rename-KeyWithAcl performs the key rename as copy, ACL copy, delete;
::     a failed delete removes the fresh copy again and throws;
::   - Copy-Acl copies all security-descriptor sections except Owner, subkeys
::     before the key itself;
::   - the summary throws only when every counted item failed.
:: Nothing is erased: the original data stays in the registry under ".OLD" names.
:: NOTE(review): a failed ACL copy only raises a warning, so the ".OLD" copy may
:: keep whatever ACL Copy-Item gave it instead of the source ACL; confirm the
:: resulting permissions are acceptable.
:: NOTE(review): which component this CLSID registers is not visible here; the
:: section title is the only description given.
:: NOTE(review): the payload is staged as a temp file and then executed under
:: the TrustedInstaller identity; confirm that only administrators can write to
:: the temp directory in use.
:: Audit trail visible from this line: the scheduled-task name, a powershell.exe
:: child started with -ExecutionPolicy Bypass, and key or value names ending
:: in ".OLD".
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{DACA056E-216A-4FD1-84A6-C306A017ECEC}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\MpProvider.dll" as TrustedInstaller
:: Runs a file-rename payload under the TrustedInstaller service identity.
:: Helper Invoke-AsTrustedInstaller, as written in the command below:
::   - translates the hard-coded service SID to an account name;
::   - writes the payload text to a temporary file renamed to .ps1;
::   - registers a scheduled task named "privacy.sexy invoke" whose action is
::     powershell.exe -ExecutionPolicy Bypass running that file, with all
::     output streams captured in a second temporary file;
::   - starts the task through the Schedule.Service COM object (RunEx) as the
::     translated account;
::   - polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task
::     still running), giving up after 5 minutes; any non-zero final result,
::     including the timeout case, is reported with Write-Error;
::   - deletes the task, prints the captured output, removes both temp files.
:: Payload:
::   - expands the path pattern and collects matching items (not-found errors
::     are swallowed on purpose, see the inline PowerShell comment);
::   - skips folders and names that already end in ".OLD";
::   - moves every remaining file to the same name plus ".OLD" (Move-Item -Force).
::   - $revert is tested but never assigned inside this payload, so only the
::     rename-to-.OLD branch runs; the file content stays on disk.
:: NOTE(review): "exit 0" in the "not found" branch ends the whole payload from
:: inside the loop, so the summary lines are not printed in that case.
:: NOTE(review): -Force on Move-Item presumably replaces an existing .OLD file
:: of the same name; verify before relying on .OLD as the only backup.
:: NOTE(review): the payload is staged as a temp file and then executed under
:: the TrustedInstaller identity; confirm that only administrators can write to
:: the temp directory in use.
:: Audit trail visible from this line: the scheduled-task name, a powershell.exe
:: child started with -ExecutionPolicy Bypass, and the ".OLD" file name.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\MpProvider.dll"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable forced security intelligence (signature) updates from Microsoft Update
echo --- Disable forced security intelligence (signature) updates from Microsoft Update
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ForceUpdateFromMU"
:: NOTE(review): `$registryPath` is assigned but never used; the key is repeated literally in `reg add`.
:: NOTE(review): the section title says "Disable", yet the value written to ForceUpdateFromMU is 1 -
:: confirm against the policy documentation which value actually turns this behaviour off.
:: The write is forced with /f and the previous value is not saved, so it cannot be restored from here.
:: Security impact: fewer signature updates leave Defender detecting with stale definitions; writes
:: under this policy key are worth alerting on in registry auditing or EDR telemetry.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates' /v 'ForceUpdateFromMU' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable security intelligence (signature) updates when running on battery power
echo --- Disable security intelligence (signature) updates when running on battery power
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DisableScheduledSignatureUpdateOnBattery"
:: Writes DisableScheduledSignatureUpdateOnBattery = 1 (REG_DWORD) under the Defender policy key.
:: NOTE(review): `$registryPath` is assigned but never used; only the literal path in `reg add` matters.
:: The write is forced with /f and the previous value is not recorded, so there is nothing to revert to.
:: Security impact: a device that mostly runs on battery would skip scheduled definition updates;
:: treat writes to this policy key as a tamper signal in registry monitoring.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates' /v 'DisableScheduledSignatureUpdateOnBattery' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable startup check for latest virus and spyware security intelligence (signature)
echo --- Disable startup check for latest virus and spyware security intelligence (signature)
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!UpdateOnStartUp"
:: Writes UpdateOnStartUp = 1 (REG_DWORD) under the Defender policy key.
:: NOTE(review): the title says "Disable startup check", but the value name carries no "Disable"
:: prefix and 1 is written - confirm against the policy documentation that 1 is the "off" value.
:: NOTE(review): `$registryPath` is assigned but never used; the previous value is not saved before
:: the forced (/f) write.
:: Security impact: changes here alter when Defender refreshes its definitions; monitor this key.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates' /v 'UpdateOnStartUp' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable catch-up security intelligence (signature) updates
echo --- Disable catch-up security intelligence (signature) updates
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureUpdateCatchupInterval"
:: Writes SignatureUpdateCatchupInterval = 0 (REG_DWORD) under the Defender policy key; the command
:: that follows applies the same setting through Set-MpPreference.
:: NOTE(review): `$registryPath` is assigned but never used, and the forced (/f) write keeps no copy
:: of the previous value.
:: Security impact: without catch-up updates a machine that missed its scheduled update keeps running
:: on old definitions; alert on writes to this policy key.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates' /v 'SignatureUpdateCatchupInterval' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Applies SignatureUpdateCatchupInterval = 0 through the Defender cmdlet. Exits 0 without changes
:: when Get-MpPreference already reports the value, when Set-MpPreference is not found, or when the
:: cmdlet has no parameter of that name.
:: NOTE(review): the value is set twice - first through Invoke-Expression on a built command string,
:: then by the direct Set-MpPreference call; the direct call alone looks sufficient, and dropping
:: Invoke-Expression would remove a string-evaluated command from an elevated script.
:: Error 0x800106ba (reported here as "Defender service is not running") and "Cannot convert" errors
:: both end with exit 0, so the exit code alone does not show whether the setting was applied.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'SignatureUpdateCatchupInterval'; $value = '0'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -SignatureUpdateCatchupInterval $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: ----------------------------------------------------------
 
 
:: Minimize spyware security intelligence (signature) updates
echo --- Minimize spyware security intelligence (signature) updates
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ASSignatureDue"
:: Writes ASSignatureDue = 4294967295 (0xFFFFFFFF, the largest REG_DWORD value) under the policy key.
:: NOTE(review): presumably this is the age after which spyware definitions count as out of date, so
:: the maximum value would keep them from ever being flagged as stale - confirm against the policy docs.
:: NOTE(review): `$registryPath` is assigned but never used; the forced (/f) write keeps no backup.
:: Security impact: stale definitions would no longer be surfaced as a problem; alert on this value.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates'; $data =  '4294967295'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates' /v 'ASSignatureDue' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -Minimize virus security intelligence (signature) updates-
:: ----------------------------------------------------------
echo --- Minimize virus security intelligence (signature) updates
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!AVSignatureDue"
:: Writes AVSignatureDue = 4294967295 (0xFFFFFFFF, the largest REG_DWORD value) under the policy key.
:: NOTE(review): presumably this is the age after which virus definitions count as out of date, so
:: the maximum value would keep them from ever being flagged as stale - confirm against the policy docs.
:: NOTE(review): `$registryPath` is assigned but never used; the forced (/f) write keeps no backup.
:: Security impact: outdated virus definitions would no longer raise a warning; alert on this value.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates'; $data =  '4294967295'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates' /v 'AVSignatureDue' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable security intelligence (signature) update on startup
echo --- Disable security intelligence (signature) update on startup
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DisableUpdateOnStartupWithoutEngine"
:: Writes DisableUpdateOnStartupWithoutEngine = 1 (REG_DWORD) under the Defender policy key; the
:: command that follows applies the matching Set-MpPreference setting.
:: NOTE(review): `$registryPath` is assigned but never used, and the forced (/f) write keeps no copy
:: of the previous value.
:: Security impact: removes one of the points at which definitions get refreshed; alert on writes to
:: this policy key.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates' /v 'DisableUpdateOnStartupWithoutEngine' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Applies SignatureDisableUpdateOnStartupWithoutEngine = $True through the Defender cmdlet. Exits 0
:: without changes when Get-MpPreference already reports the value, when Set-MpPreference is not
:: found, or when the cmdlet has no parameter of that name.
:: NOTE(review): the value is set twice - via Invoke-Expression on a built command string and via the
:: direct Set-MpPreference call; the direct call alone looks sufficient.
:: Error 0x800106ba and "Cannot convert" errors both end with exit 0, so the exit code alone does not
:: show whether the setting was applied.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'SignatureDisableUpdateOnStartupWithoutEngine'; $value = $True; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -SignatureDisableUpdateOnStartupWithoutEngine $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: ----------------------------------------------------------
 
 
:: Disable automatic checks for security intelligence (signature) updates
echo --- Disable automatic checks for security intelligence (signature) updates
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ScheduleDay"
:: Writes ScheduleDay = 8 (REG_DWORD) under the Defender policy key; the command that follows applies
:: the same value as SignatureScheduleDay through Set-MpPreference.
:: NOTE(review): 8 presumably selects "never" for the scheduled update day - confirm against the
:: policy documentation.
:: NOTE(review): `$registryPath` is assigned but never used; the forced (/f) write keeps no backup.
:: Security impact: scheduled definition checks stop; alert on writes to this policy key.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates'; $data =  '8'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates' /v 'ScheduleDay' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Applies SignatureScheduleDay = 8 through the Defender cmdlet. Exits 0 without changes when
:: Get-MpPreference already reports the value, when Set-MpPreference is not found, or when the
:: cmdlet has no parameter of that name.
:: NOTE(review): the value is set twice - via Invoke-Expression on a built command string and via the
:: direct Set-MpPreference call; the direct call alone looks sufficient.
:: Error 0x800106ba and "Cannot convert" errors both end with exit 0, so the exit code alone does not
:: show whether the setting was applied.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'SignatureScheduleDay'; $value = '8'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -SignatureScheduleDay $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: ----------------------------------------------------------
 
 
:: Minimize checks for security intelligence (signature) updates
echo --- Minimize checks for security intelligence (signature) updates
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureUpdateInterval"
:: Writes SignatureUpdateInterval = 24 (REG_DWORD) under the Defender policy key; the command that
:: follows applies the same value through Set-MpPreference.
:: NOTE(review): the unit is presumably hours, which would make this one check per day - confirm.
:: NOTE(review): `$registryPath` is assigned but never used; the forced (/f) write keeps no backup.
:: Security impact: a longer interval widens the window in which new threats are not yet covered by
:: local definitions; alert on writes to this policy key.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates'; $data =  '24'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates' /v 'SignatureUpdateInterval' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Applies SignatureUpdateInterval = 24 through the Defender cmdlet. Exits 0 without changes when
:: Get-MpPreference already reports the value, when Set-MpPreference is not found, or when the
:: cmdlet has no parameter of that name.
:: NOTE(review): the value is set twice - via Invoke-Expression on a built command string and via the
:: direct Set-MpPreference call; the direct call alone looks sufficient.
:: Error 0x800106ba and "Cannot convert" errors both end with exit 0, so the exit code alone does not
:: show whether the setting was applied.
PowerShell -ExecutionPolicy Unrestricted -Command "$propertyName = 'SignatureUpdateInterval'; $value = '24'; if((Get-MpPreference -ErrorAction Ignore).$propertyName -eq $value) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is already `"^""$value`"^"" as desired."^""; exit 0; }; $command = Get-Command 'Set-MpPreference' -ErrorAction Ignore; if (!$command) { Write-Warning 'Skipping. Command not found: "^""Set-MpPreference"^"".'; exit 0; }; if(!$command.Parameters.Keys.Contains($propertyName)) { Write-Host "^""Skipping. `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; }; try { Invoke-Expression "^""$($command.Name) -Force -$propertyName `$value -ErrorAction Stop"^""; Set-MpPreference -Force -SignatureUpdateInterval $value -ErrorAction Stop; Write-Host "^""Successfully set `"^""$propertyName`"^"" to `"^""$value`"^""."^""; exit 0; } catch { if ( $_.FullyQualifiedErrorId -like '*0x800106ba*') { Write-Warning "^""Cannot $($command.Name): Defender service (WinDefend) is not running. Try to enable it (revert) and re-run this?"^""; exit 0; } elseif (($_ | Out-String) -like '*Cannot convert*') { Write-Host "^""Skipping. Argument `"^""$value`"^"" for property `"^""$propertyName`"^"" is not supported for `"^""$($command.Name)`"^""."^""; exit 0; } else { Write-Error "^""Failed to set using $($command.Name): $_"^""; exit 1; }; }"
:: ----------------------------------------------------------
 
 
:: Disable definition updates via WSUS and Microsoft Malware Protection Center
echo --- Disable definition updates via WSUS and Microsoft Malware Protection Center
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!CheckAlternateHttpLocation"
:: Writes CheckAlternateHttpLocation = 0 (REG_DWORD) under the Defender policy key.
:: NOTE(review): `$registryPath` is assigned but never used; only the literal path in `reg add` matters.
:: The write is forced with /f and the previous value is not saved, so it cannot be restored from here.
:: Security impact: removes a fallback source for definition updates; treat writes to this policy key
:: as a tamper signal in registry monitoring.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates' /v 'CheckAlternateHttpLocation' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable definition updates through both WSUS and Windows Update
echo --- Disable definition updates through both WSUS and Windows Update
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!CheckAlternateDownloadLocation"
:: Writes CheckAlternateDownloadLocation = 0 (REG_DWORD) under the Defender policy key.
:: NOTE(review): `$registryPath` is assigned but never used; only the literal path in `reg add` matters.
:: The write is forced with /f and the previous value is not saved, so it cannot be restored from here.
:: Security impact: removes a fallback source for definition updates; treat writes to this policy key
:: as a tamper signal in registry monitoring.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates' /v 'CheckAlternateDownloadLocation' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable Defender Antivirus service (breaks `Set-MpPreference` cmdlet)
echo --- Disable Defender Antivirus service (breaks `Set-MpPreference` cmdlet)
:: Disable the service `WinDefend` using TrustedInstaller privileges
:: Invoke-AsTrustedInstaller: writes the embedded script to a temporary .ps1 file, registers a scheduled
:: task named "privacy.sexy invoke" that runs it with -ExecutionPolicy Bypass, and starts that task via
:: RunEx as the account the hard-coded service SID translates to (TrustedInstaller per the comment above).
:: It then polls LastTaskResult every 200 ms while it equals 267009, for at most 5 minutes, prints the
:: captured output, and deletes the task and both temp files in finally blocks.
:: NOTE(review): the script file is created with New-TemporaryFile, i.e. in the invoking account's temp
:: directory, and is executed afterwards by a more privileged principal; anything able to write there
:: in between decides what runs. A directory writable only by administrators would close that window.
:: NOTE(review): after a timeout the loop breaks but LastTaskResult is read again, so the still-running
:: code is reported as a failure and the task is deleted while it may still be executing - confirm.
:: Embedded script: stops WinDefend (Stop-Service -Force, with NoWait because $stopWithDependencies is
:: false) and sets Start = 4 under HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend. Step 3 prints
:: "cannot enable it" although this path disables the service; the wording looks left over from a revert.
:: Security impact: this turns off the antivirus service itself. For detection, the task name, a
:: powershell.exe -ExecutionPolicy Bypass process started by the task scheduler, and a change of this
:: service's Start value are all visible signals (MITRE ATT&CK T1562.001, Impair Defenses).
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$serviceQuery = ''WinDefend'''+"^""`r`n"^""+'$stopWithDependencies= $false'+"^""`r`n"^""+'<# -- 1. 
Skip if service does not exist #>'+"^""`r`n"^""+'$service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue'+"^""`r`n"^""+'if(!$service) {'+"^""`r`n"^""+'    Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$serviceName = $service.Name'+"^""`r`n"^""+'Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'<# -- 2. Stop if running #>'+"^""`r`n"^""+'if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'        $stopParams = @{ `'+"^""`r`n"^""+'            Name = $ServiceName'+"^""`r`n"^""+'            Force = $true'+"^""`r`n"^""+'            ErrorAction = ''Stop'''+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        if (-not $stopWithDependencies) {'+"^""`r`n"^""+'            $stopParams[''NoWait''] = $true'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Stop-Service @stopParams'+"^""`r`n"^""+'        Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        if ($_.FullyQualifiedErrorId -eq ''CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand'') {'+"^""`r`n"^""+'            Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""'+"^""`r`n"^""+'        } else {'+"^""`r`n"^""+'            Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 3. 
Skip if service info is not found in registry #>'+"^""`r`n"^""+'$registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""'+"^""`r`n"^""+'if (-Not (Test-Path $registryKey)) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 4. Skip if already disabled #>'+"^""`r`n"^""+'if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 5. Disable service #>'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Set-ItemProperty `'+"^""`r`n"^""+'        -LiteralPath $registryKey `'+"^""`r`n"^""+'        -Name "^""Start"^"" `'+"^""`r`n"^""+'        -Value 4 `'+"^""`r`n"^""+'        -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host ''Successfully disabled the service. It will not start automatically on next boot.'''+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'    Exit 1'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\MsMpEng.exe"  as TrustedInstaller
:: Same Invoke-AsTrustedInstaller helper as the previous command (temp .ps1 file, scheduled task
:: "privacy.sexy invoke", RunEx as the translated service SID, 5-minute polling, cleanup in finally).
:: Embedded script: expands the path pattern, collects matches with Get-Item, skips folders and files
:: already ending in .OLD, and renames each remaining file by appending .OLD with Move-Item -Force.
:: NOTE(review): $revert is never assigned in the embedded script, so only the non-revert branches
:: run here; the renamed file is the only backup that exists.
:: NOTE(review): inside the foreach loop the "file not found" branch calls exit 0, which ends the
:: whole script rather than moving to the next match; the summary lines are then never printed.
:: NOTE(review): the script file lives in the invoking account's temp directory until the task runs
:: it as a more privileged principal; a location writable only by administrators would be safer.
:: Security impact: presumably the rename is meant to keep the engine binary from being started. A
:: rename of files under the Defender program directory is a tamper signal worth alerting on
:: (MITRE ATT&CK T1562.001, Impair Defenses).
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\MsMpEng.exe"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: Check and terminate the running process "MsMpEng.exe"
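:: Looks for a running MsMpEng.exe in the tasklist CSV output and force-terminates it when found.
:: The branch is chosen from the exit code of `find` alone (errorlevel 1 means no match), so a
:: failed taskkill no longer falls through to the "is not running" message, which the former
:: `A && ( ... ) || ( ... )` chain printed whenever the last command of the first group failed.
:: Security impact: terminating the antivirus engine process is a tamper signal; taskkill aimed at
:: a security product's process is worth alerting on (MITRE ATT&CK T1562.001, Impair Defenses).
tasklist /fi "ImageName eq MsMpEng.exe" /fo csv 2>NUL | find /i "MsMpEng.exe">NUL
if errorlevel 1 (
    echo Skipping, MsMpEng.exe is not running.
) else (
    echo MsMpEng.exe is running and will be killed.
    taskkill /f /im MsMpEng.exe
)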
:: Configure termination of "MsMpEng.exe" immediately upon its startup
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe!Debugger"
:: Sets the Image File Execution Options "Debugger" value for MsMpEng.exe to taskkill.exe (REG_SZ);
:: the SYSTEMROOT variable in the data is expanded by cmd before PowerShell sees the string.
:: NOTE(review): `$registryPath` is assigned but never used, and the forced (/f) write keeps no copy
:: of any previous Debugger value.
:: Security impact: with this value set, starting the engine binary launches the configured program
:: instead. A Debugger entry on a security product's binary is a well-known tamper and persistence
:: indicator (MITRE ATT&CK T1546.012); monitor this key and alert on any Debugger value under it.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe' /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Add a rule to prevent the executable "MsMpEng.exe" from running via File Explorer
:: Adds MsMpEng.exe as a string value under the current user's Explorer DisallowRun key, using the
:: first unused numeric value name; exits 0 when an existing value already holds that filename.
:: NOTE(review): the key is under HKCU, so the rule applies only to the account this elevated script
:: runs as - confirm that is the intended account when elevation used different credentials.
:: NOTE(review): there is a backtick before -ErrorAction in the New-ItemProperty call; on this single
:: line it escapes the following space and looks like a leftover line continuation - verify that the
:: call still binds -ErrorAction Stop as intended.
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='MsMpEng.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
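:: Turns on the per-user Explorer DisallowRun policy (DWORD 1 under the HKCU Policies\Explorer key)
:: so that entries in the DisallowRun list take effect; creates the key and value when missing and
:: leaves an existing value of 1 untouched. Exits 1 when any registry operation fails.
:: The "unexpected value" message is a double-quoted PowerShell string, so the current value is
:: interpolated into the log line instead of the variable name being printed literally.
:: Security impact: the policy lives in HKCU and so applies only to the account running this script;
:: a DisallowRun entry naming a security product's binary is worth alerting on.
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output "^""Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^""."^""; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"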
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable Defender Antivirus service in Safe Mode------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus service in Safe Mode
:: Soft-delete the registry key: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend 
:: Soft-deletes the key by renaming: Rename-KeyTree appends .OLD to every value name, recurses into
:: the subkeys, then Rename-KeyWithAcl copies the key to a .OLD path (adding further suffixes while
:: the target exists), copies the ACL without its owner section, and removes the original key.
:: NOTE(review): a failed ACL copy only produces a warning, so the renamed key can end up with
:: different permissions than the original; check the ACL before relying on the backup for a revert.
:: NOTE(review): Rename-KeyWithAcl is a plain function, so the -ErrorAction Stop passed to it is
:: presumably not treated as a common parameter - confirm; its own try/catch blocks handle errors.
:: The script throws only when every item failed; partial failures are reported as warnings.
:: Security impact: per the section title this keeps the antivirus service from loading in Safe Mode.
:: Changes under the SafeBoot key for a security service are worth alerting on.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 'Successfully renamed.'; 
$global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: Soft-delete the registry key: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend 
:: Same rename-based soft delete, applied to the SafeBoot\Network entry (the list Windows uses
:: for Safe Mode with Networking). Values get the '.OLD' suffix, subkeys are processed
:: recursively, and the key is copied to '<key>.OLD' with its ACL (owner section excluded)
:: before the original is removed. An ACL copy failure is reported as a warning only.
:: The command throws only when every processed item failed; the batch file does not check its
:: exit status.
:: Audit point: a 'SafeBoot\Network\WinDefend.OLD' key is the trace of this step; renaming the
:: key and its values back restores the original entry.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 'Successfully renamed.'; 
$global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----Disable Defender Antivirus service always-on state----
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus service always-on state
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender!ServiceKeepAlive"
:: Writes REG_DWORD ServiceKeepAlive = 0 under the Windows Defender policy key. '/f' overwrites
:: an existing value without prompting; the previous value is not saved anywhere.
:: $registryPath is assigned but the reg command uses the literal path instead.
:: The batch file does not check the exit status, so a refused write is only visible in the
:: console output.
:: Audit point: this value appearing under HKLM\Software\Policies\Microsoft\Windows Defender
:: without a matching Group Policy object points at a local change such as this one. Deleting
:: the value presumably returns the setting to its unconfigured state - confirm against
:: Microsoft's policy documentation.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender' /v 'ServiceKeepAlive' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware!ServiceKeepAlive"
:: Writes the same REG_DWORD ServiceKeepAlive = 0 under the 'Microsoft Antimalware' policy key.
:: '/f' overwrites without prompting and no copy of the previous value is kept.
:: $registryPath is assigned but not used by the reg command; the exit status is not checked.
:: Audit point: compare HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware against the
:: policy that is centrally deployed; a ServiceKeepAlive value with no policy source is a local
:: change.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware' /v 'ServiceKeepAlive' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -Disable Defender Antivirus service high-priority startup-
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus service high-priority startup
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender!AllowFastServiceStartup"
:: Writes REG_DWORD AllowFastServiceStartup = 0 under the Windows Defender policy key. '/f'
:: overwrites an existing value without prompting; the previous value is not saved.
:: $registryPath is assigned but not used by the reg command; the exit status is not checked.
:: Audit point: an AllowFastServiceStartup value under
:: HKLM\Software\Policies\Microsoft\Windows Defender with no matching Group Policy object is a
:: local change. Deleting the value presumably returns the setting to its unconfigured state -
:: confirm against Microsoft's policy documentation.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender' /v 'AllowFastServiceStartup' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware!AllowFastServiceStartup"
:: Writes REG_DWORD AllowFastServiceStartup = 0 under the 'Microsoft Antimalware' policy key.
:: '/f' overwrites without prompting and no copy of the previous value is kept.
:: $registryPath is assigned but not used by the reg command; the exit status is not checked.
:: Audit point: an AllowFastServiceStartup value under
:: HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware with no policy source is a local change.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware' /v 'AllowFastServiceStartup' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---Disable Defender Antivirus service automatic launch----
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus service automatic launch
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows Defender!ServiceStartStates"
:: Invoke-AsTrustedInstaller($Script), as written below:
::   1. translates SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 to an
::      account name;
::   2. creates two temporary files, renames one to '.ps1' and writes the payload into it;
::   3. registers a scheduled task named 'privacy.sexy invoke' (the dot is built from
::      [char]0x002E) whose action runs powershell.exe with '-ExecutionPolicy Bypass' on that
::      file and redirects all output streams to the second temporary file;
::   4. starts the task through the Schedule.Service COM object under the translated account
::      and polls while LastTaskResult equals 267009 (0x41301), giving up after 5 minutes with
::      a warning;
::   5. deletes the task and both temporary files in 'finally' blocks and prints the captured
::      output.
:: Payload in this call: reg add on HKLM\SOFTWARE\Microsoft\Windows Defender, value
:: ServiceStartStates, type REG_DWORD, data 0, with /f. The previous value is not saved.
:: Host traces: registration and deletion of the scheduled task (Security events 4698 and 4699
:: where scheduled-task auditing is enabled), a powershell.exe process started by Task Scheduler
:: with '-ExecutionPolicy Bypass', and the changed registry value.
:: NOTE(review): the payload file presumably sits in the caller's temp directory until the task
:: runs it under the service account; nothing here restricts its ACL or verifies its content
:: before execution - confirm where New-TemporaryFile places it on the target system.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows Defender'''+"^""`r`n"^""+'$data =  ''0'''+"^""`r`n"^""+'reg add 
''HKLM\SOFTWARE\Microsoft\Windows Defender'' `'+"^""`r`n"^""+'    /v ''ServiceStartStates'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable Defender Antivirus service active state------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus service active state
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows Defender!IsServiceRunning"
:: Runs a payload under the account that SID S-1-5-80-956008885-... translates to, using a
:: temporary scheduled task: the payload is written to a temporary '.ps1' file, a task named
:: 'privacy.sexy invoke' is registered and started through Schedule.Service, its result is
:: polled while LastTaskResult equals 267009 (5 minute limit), and the task and temporary files
:: are removed afterwards.
:: Payload in this call: reg add on HKLM\SOFTWARE\Microsoft\Windows Defender, value
:: IsServiceRunning, type REG_DWORD, data 0, with /f. The previous value is not saved.
:: A non-zero task result is reported with Write-Error only; the batch file continues.
:: Host traces: the short-lived scheduled task, a powershell.exe process started by Task
:: Scheduler with '-ExecutionPolicy Bypass', and the changed registry value.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows Defender'''+"^""`r`n"^""+'$data =  ''0'''+"^""`r`n"^""+'reg add 
''HKLM\SOFTWARE\Microsoft\Windows Defender'' `'+"^""`r`n"^""+'    /v ''IsServiceRunning'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable Defender Antivirus data storage location-----
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus data storage location
:: Delete the registry value "ProductAppDataPath" from the key "HKLM\SOFTWARE\Microsoft\Windows Defender" 
:: Runs a payload under the account that SID S-1-5-80-956008885-... translates to, using a
:: temporary scheduled task named 'privacy.sexy invoke' (payload written to a temporary '.ps1'
:: file, task started through Schedule.Service, polled for up to 5 minutes, then task and
:: temporary files removed).
:: Payload in this call: converts the key name to a PowerShell drive path, exits with 0 when the
:: key or the value ProductAppDataPath does not exist, otherwise removes the value with
:: Remove-ItemProperty -Force (the '(default)' branch is not taken for this value name).
:: This is a hard delete: unlike the '.OLD' renames this script uses for keys and files, the
:: previous data of ProductAppDataPath is not kept, so it has to be recorded beforehand if the
:: change must be reversible.
:: A failure is reported with Write-Error only; the batch file continues.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$keyName = ''HKLM\SOFTWARE\Microsoft\Windows Defender'''+"^""`r`n"^""+'$valueName = ''ProductAppDataPath'''+"^""`r`n"^""+'$hive = 
$keyName.Split(''\'')[0]'+"^""`r`n"^""+'$path = "^""$($hive):$($keyName.Substring($hive.Length))"^""'+"^""`r`n"^""+'Write-Host "^""Removing the registry value ''$valueName'' from ''$path''."^""'+"^""`r`n"^""+'if (-Not (Test-Path -LiteralPath $path)) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no action needed, registry key does not exist.'''+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name'+"^""`r`n"^""+'if (-Not ($existingValueNames -Contains $valueName)) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no action needed, registry value does not exist.'''+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    if ($valueName -ieq ''(default)'') {'+"^""`r`n"^""+'        Write-Host ''Removing the default value.'''+"^""`r`n"^""+'        $(Get-Item -LiteralPath $path).OpenSubKey('''', $true).DeleteValue('''')'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        Remove-ItemProperty `'+"^""`r`n"^""+'            -LiteralPath $path `'+"^""`r`n"^""+'            -Name $valueName `'+"^""`r`n"^""+'            -Force `'+"^""`r`n"^""+'            -ErrorAction Stop'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host ''Successfully removed the registry value.'''+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""'+"^""`r`n"^""+'} '; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Disable Defender Antivirus service module---------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus service module
:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\MpSvc.dll"  as TrustedInstaller
:: Runs a payload under the account that SID S-1-5-80-956008885-... translates to, using a
:: temporary scheduled task named 'privacy.sexy invoke' (payload written to a temporary '.ps1'
:: file, task started through Schedule.Service, polled for up to 5 minutes, then task and
:: temporary files removed).
:: Payload in this call: expands the environment variables in the pattern, lists matches with
:: Get-Item, skips folders and names already ending in '.OLD', and renames each remaining file
:: to '<name>.OLD' with Move-Item -Force. Counts of renamed, skipped and failed items are
:: printed at the end.
:: $revert is never assigned in this payload, so only the rename-to-.OLD branch runs.
:: NOTE(review): the 'exit 0' in the file-not-found check ends the whole payload rather than the
:: current iteration, so remaining matches and the summary are skipped in that case.
:: Audit point: 'MpSvc.dll.OLD' under Program Files\Windows Defender is the trace of this step;
:: the file is not erased and renaming it back restores the original state.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\MpSvc.dll"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable Defender Antivirus antimalware engine-------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus antimalware engine
:: Soft delete files matching pattern: "%PROGRAMDATA%\Microsoft\Windows Defender\Definition Updates\Default\MpEngine.dll"  as TrustedInstaller
:: Runs a payload under the account that SID S-1-5-80-956008885-... translates to, using a
:: temporary scheduled task named 'privacy.sexy invoke' (payload written to a temporary '.ps1'
:: file, task started through Schedule.Service, polled for up to 5 minutes, then task and
:: temporary files removed).
:: Payload in this call: expands the pattern for MpEngine.dll in the 'Definition Updates\Default'
:: folder, lists matches with Get-Item, skips folders and names already ending in '.OLD', and
:: renames each remaining file to '<name>.OLD' with Move-Item -Force.
:: $revert is never assigned in this payload, so only the rename-to-.OLD branch runs.
:: NOTE(review): the 'exit 0' in the file-not-found check ends the whole payload rather than the
:: current iteration, so the summary lines are not printed in that case.
:: Audit point: 'MpEngine.dll.OLD' in that folder is the trace of this step; the file is not
:: erased and renaming it back restores the original state.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMDATA%\Microsoft\Windows Defender\Definition 
Updates\Default\MpEngine.dll"^""'+"^""`r`n"^""+'$expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup 
file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%PROGRAMDATA%\Microsoft\Windows Defender\Definition Updates\{*}\mpengine.dll"  as TrustedInstaller
:: Runs a payload under the account that SID S-1-5-80-956008885-... translates to, using a
:: temporary scheduled task named 'privacy.sexy invoke' (payload written to a temporary '.ps1'
:: file, task started through Schedule.Service, polled for up to 5 minutes, then task and
:: temporary files removed).
:: Payload in this call: the pattern contains a wildcard ('{*}'), and Get-Item -Path expands it,
:: so mpengine.dll is matched in every 'Definition Updates' subfolder whose name is wrapped in
:: braces. Matches are de-duplicated and sorted by path length (longest first); folders and
:: names already ending in '.OLD' are skipped; each remaining file is renamed to '<name>.OLD'
:: with Move-Item -Force.
:: $revert is never assigned in this payload, so only the rename-to-.OLD branch runs.
:: NOTE(review): the 'exit 0' in the file-not-found check ends the whole payload rather than the
:: current iteration, so with several matches the remaining ones are left untouched and the
:: summary is not printed.
:: Audit point: 'mpengine.dll.OLD' files in those subfolders are the trace of this step; the
:: files are not erased and renaming them back restores the original state.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMDATA%\Microsoft\Windows Defender\Definition 
Updates\{*}\mpengine.dll"^""'+"^""`r`n"^""+'$expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup 
file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: Soft delete (rename to NAME.OLD, nothing is erased) files matching pattern: "%PROGRAMDATA%\Microsoft\Windows Defender\Definition Updates\StableEngineEtwLocation\mpengine_etw.dll" as TrustedInstaller
:: Soft delete, run as TrustedInstaller: the file
:: "%PROGRAMDATA%\Microsoft\Windows Defender\Definition Updates\StableEngineEtwLocation\mpengine_etw.dll"
:: is renamed to NAME.OLD with Move-Item -Force; nothing is erased. Folders and names already
:: ending in .OLD are skipped.
:: Mechanism (Invoke-AsTrustedInstaller): the embedded script is written to a temporary .ps1 file,
:: a scheduled task named "privacy.sexy invoke" is registered and started through the
:: Schedule.Service COM object (RunEx) under the account that the hard-coded SID resolves to,
:: LastTaskResult is polled every 200 ms while it equals 267009 (0x41301, task still running)
:: for at most 5 minutes, then the task is deleted, the captured output is printed and both
:: temporary files are removed.
:: Security impact: judging by its name and folder this is the engine's ETW companion DLL
:: (TODO confirm); after this step it is no longer at its expected path. When auditing a host,
:: the traces left by this command are the short-lived "privacy.sexy invoke" task, powershell.exe
:: started with -ExecutionPolicy Bypass under TrustedInstaller, and mpengine_etw.dll.OLD in the
:: same folder.
:: NOTE(review): $revert is never assigned in the embedded script shown here, so only the
:: forward (append .OLD) branch can run from this command.
:: NOTE(review): the "not found" branch inside the foreach calls exit 0, which ends the embedded
:: script at that item; remaining matches and the summary lines are then skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMDATA%\Microsoft\Windows Defender\Definition 
Updates\StableEngineEtwLocation\mpengine_etw.dll"^""'+"^""`r`n"^""+'$expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host 
"^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable Defender Antivirus communication module------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus communication module
:: Soft delete (rename to NAME.OLD, nothing is erased) files matching pattern: "%PROGRAMFILES%\Windows Defender\MpCommu.dll" as TrustedInstaller
:: Soft delete, run as TrustedInstaller: the file "%PROGRAMFILES%\Windows Defender\MpCommu.dll"
:: is renamed to NAME.OLD with Move-Item -Force; nothing is erased. Folders and names already
:: ending in .OLD are skipped.
:: Mechanism (Invoke-AsTrustedInstaller): the embedded script is written to a temporary .ps1 file,
:: a scheduled task named "privacy.sexy invoke" is registered and started through the
:: Schedule.Service COM object (RunEx) under the account that the hard-coded SID resolves to,
:: LastTaskResult is polled every 200 ms while it equals 267009 (0x41301, task still running)
:: for at most 5 minutes, then the task is deleted, the captured output is printed and both
:: temporary files are removed.
:: Security impact: this script's own section title calls MpCommu.dll the Defender Antivirus
:: communication module; after this step it is no longer at its expected path. When auditing a
:: host, the traces left by this command are the short-lived "privacy.sexy invoke" task,
:: powershell.exe started with -ExecutionPolicy Bypass under TrustedInstaller, and
:: MpCommu.dll.OLD in the same folder.
:: NOTE(review): $revert is never assigned in the embedded script shown here, so only the
:: forward (append .OLD) branch can run from this command.
:: NOTE(review): the "not found" branch inside the foreach calls exit 0, which ends the embedded
:: script at that item; remaining matches and the summary lines are then skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\MpCommu.dll"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable Defender Antivirus service communication with apps
echo --- Disable Defender Antivirus service communication with apps
:: Soft-delete (rename values and keys with a .OLD suffix instead of erasing them) the registry key: HKLM\Software\Classes\CLSID\{A2D75874-6750-4931-94C1-C99D3BC9D0C7} as TrustedInstaller
:: Soft delete of registry key HKLM\Software\Classes\CLSID\{A2D75874-6750-4931-94C1-C99D3BC9D0C7},
:: run as TrustedInstaller. Nothing is erased outright: Rename-KeyTree renames every value that
:: does not already end in .OLD (Rename-ItemProperty), recurses into the subkeys, then copies
:: the key to KEY.OLD (appending further .OLD while that name exists), copies its ACL except the
:: Owner section, and removes the original key.
:: Mechanism (Invoke-AsTrustedInstaller): the embedded script is written to a temporary .ps1 file,
:: a scheduled task named "privacy.sexy invoke" is registered and started through the
:: Schedule.Service COM object (RunEx) under the account that the hard-coded SID resolves to,
:: LastTaskResult is polled every 200 ms while it equals 267009 (0x41301, task still running)
:: for at most 5 minutes, then the task is deleted, the captured output is printed and both
:: temporary files are removed.
:: When auditing a host, the traces left by this command are the short-lived
:: "privacy.sexy invoke" task, powershell.exe started with -ExecutionPolicy Bypass under
:: TrustedInstaller, and a sibling key with the .OLD suffix in place of the original CLSID key.
:: NOTE(review): a failed ACL copy is only reported with Write-Warning and the original key is
:: still removed, so the .OLD copy can end up with an ACL that differs from the original.
:: NOTE(review): if removing the original key fails, the new copy is removed again, but values
:: already renamed to NAME.OLD inside the original key are not renamed back.
:: The embedded script throws only when every counted item failed.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{A2D75874-6750-4931-94C1-C99D3BC9D0C7}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete (rename values and keys with a .OLD suffix instead of erasing them) the registry key: HKLM\Software\Classes\AppID\{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F} as TrustedInstaller
:: Soft delete of registry key HKLM\Software\Classes\AppID\{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F},
:: run as TrustedInstaller. Nothing is erased outright: Rename-KeyTree renames every value that
:: does not already end in .OLD (Rename-ItemProperty), recurses into the subkeys, then copies
:: the key to KEY.OLD (appending further .OLD while that name exists), copies its ACL except the
:: Owner section, and removes the original key.
:: Mechanism (Invoke-AsTrustedInstaller): the embedded script is written to a temporary .ps1 file,
:: a scheduled task named "privacy.sexy invoke" is registered and started through the
:: Schedule.Service COM object (RunEx) under the account that the hard-coded SID resolves to,
:: LastTaskResult is polled every 200 ms while it equals 267009 (0x41301, task still running)
:: for at most 5 minutes, then the task is deleted, the captured output is printed and both
:: temporary files are removed.
:: When auditing a host, the traces left by this command are the short-lived
:: "privacy.sexy invoke" task, powershell.exe started with -ExecutionPolicy Bypass under
:: TrustedInstaller, and a sibling key with the .OLD suffix in place of the original AppID key.
:: NOTE(review): a failed ACL copy is only reported with Write-Warning and the original key is
:: still removed, so the .OLD copy can end up with an ACL that differs from the original.
:: NOTE(review): if removing the original key fails, the new copy is removed again, but values
:: already renamed to NAME.OLD inside the original key are not renamed back.
:: The embedded script throws only when every counted item failed.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\AppID\{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete (rename values and keys with a .OLD suffix instead of erasing them) the registry key: HKLM\Software\Classes\TypeLib\{8C389764-F036-48F2-9AE2-88C260DCF43B} as TrustedInstaller
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\TypeLib\{8C389764-F036-48F2-9AE2-88C260DCF43B}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
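:: Soft delete files matching pattern: "%PROGRAMFILES%\Windows Defender\MsMpCom.dll" as TrustedInstaller
:: Soft delete means each matching file is renamed with a ".OLD" suffix instead of being removed; folders and files that already end in ".OLD" are skipped.
:: The rename runs from a temporary scheduled task named "privacy.sexy invoke" that is started under the TrustedInstaller account and deleted afterwards.
:: If the task has not finished within five minutes the wrapper stops waiting and only prints a warning, so check the output before assuming the rename happened.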
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$pathGlobPattern = "^""%PROGRAMFILES%\Windows Defender\MsMpCom.dll"^""'+"^""`r`n"^""+'$expandedPath = 
[System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)'+"^""`r`n"^""+'Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""'+"^""`r`n"^""+''+"^""`r`n"^""+'$renamedCount   = 0'+"^""`r`n"^""+'$skippedCount   = 0'+"^""`r`n"^""+'$failedCount    = 0'+"^""`r`n"^""+''+"^""`r`n"^""+'$foundAbsolutePaths = @()'+"^""`r`n"^""+''+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    $foundAbsolutePaths += @('+"^""`r`n"^""+'        Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName'+"^""`r`n"^""+'    )'+"^""`r`n"^""+'} catch [System.Management.Automation.ItemNotFoundException] {'+"^""`r`n"^""+'    <# Swallow, do not run `Test-Path` before, it''s unreliable for globs requiring extra permissions #>'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$foundAbsolutePaths = $foundAbsolutePaths   `'+"^""`r`n"^""+'    | Select-Object -Unique                 `'+"^""`r`n"^""+'    | Sort-Object -Property { $_.Length } -Descending'+"^""`r`n"^""+'if (!$foundAbsolutePaths) {'+"^""`r`n"^""+'    Write-Host ''Skipping, no items available.'''+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""'+"^""`r`n"^""+'foreach ($path in $foundAbsolutePaths) {'+"^""`r`n"^""+'    if (Test-Path -Path $path -PathType Container) {'+"^""`r`n"^""+'    Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    continue'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if($revert -eq $true) {'+"^""`r`n"^""+'    if (-not $path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        $skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    if ($path.EndsWith(''.OLD'')) {'+"^""`r`n"^""+'        Write-Host "^""Skipping backup file: `"^""$path`"^""."^""'+"^""`r`n"^""+'        
$skippedCount++'+"^""`r`n"^""+'        continue'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$originalFilePath = $path'+"^""`r`n"^""+'Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'if (-Not (Test-Path $originalFilePath)) {'+"^""`r`n"^""+'    Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""'+"^""`r`n"^""+'    $skippedCount++'+"^""`r`n"^""+'    exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+''+"^""`r`n"^""+'if ($revert -eq $true) {'+"^""`r`n"^""+'    $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4)'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    $newFilePath = "^""$($originalFilePath).OLD"^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""'+"^""`r`n"^""+'    $renamedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""'+"^""`r`n"^""+'    $failedCount++'+"^""`r`n"^""+'    '+"^""`r`n"^""+'}'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'if ($failedCount -gt 0) {'+"^""`r`n"^""+'    Write-Warning "^""Failed to process $($failedCount) items."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+''; Invoke-AsTrustedInstaller $cmd"
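:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{AC30C2BA-0109-403D-9D8E-140BB470379C} as TrustedInstaller
:: Soft-delete means rename: every value gets a ".OLD" suffix, subkeys are handled recursively, and the key itself is copied to a ".OLD" name before the original is removed.
:: Permissions are copied to the renamed key without the owner; if that copy fails the script only warns and still removes the original, so the ".OLD" key may not carry the original ACL.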
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{AC30C2BA-0109-403D-9D8E-140BB470379C}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
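:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{E2D74550-8E41-460E-BB51-52E1F9522134} as TrustedInstaller
:: (values, subkeys and the key itself are renamed with a ".OLD" suffix, so the data is kept under the new names)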
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{E2D74550-8E41-460E-BB51-52E1F9522134}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
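:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{CDFED399-7999-4309-B064-1EDE04BC580D} as TrustedInstaller
:: (values, subkeys and the key itself are renamed with a ".OLD" suffix, so the data is kept under the new names)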
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{CDFED399-7999-4309-B064-1EDE04BC580D}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable "Windows Defender Firewall Authorization Driver" service (breaks Microsoft Store, `netsh advfirewall`, winget, Windows Sandbox, Docker, WSL)
echo --- Disable "Windows Defender Firewall Authorization Driver" service (breaks Microsoft Store, `netsh advfirewall`, winget, Windows Sandbox, Docker, WSL)
:: Disable the service `mpsdrv` 
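:: Disables the `mpsdrv` service in two steps: requests a stop if the service is
:: running, then sets `Start` = 4 in the service's key under
:: HKLM\SYSTEM\CurrentControlSet\Services.
:: Exits 0 without changes when the service or its registry key is missing, or
:: when `Start` is already 4; exits 1 only if writing `Start` fails.
:: The stop is requested with -NoWait, and a failed stop is reported as a warning only.
:: The previous `Start` value is not saved by this command; note it before running
:: if the change may need to be reverted.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceQuery = 'mpsdrv'; $stopWithDependencies= $false; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""; Exit 0; }; $serviceName = $service.Name; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""; try { Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""; $stopParams = @{ Name = $ServiceName; Force = $true; ErrorAction = 'Stop'; }; if (-not $stopWithDependencies) { $stopParams['NoWait'] = $true; }; Stop-Service @stopParams; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { if ($_.FullyQualifiedErrorId -eq 'CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand') { Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""; } else { Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""; }; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if service info is not found in registry #>; $registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""; if (-Not (Test-Path $registryKey)) { Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot disable it."^""; Exit 0; }; <# -- 4. Skip if already disabled #>; if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) { Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""; Exit 0; }; <# -- 5. Disable service #>; try { Set-ItemProperty -LiteralPath $registryKey -Name "^""Start"^"" -Value 4 -ErrorAction Stop; Write-Host 'Successfully disabled the service. It will not start automatically on next boot.'; } catch { Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""; Exit 1; }"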
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\drivers\mpsdrv.sys" with additional permissions 
:: Renames each file matching the expanded pattern to the same name plus ".OLD" (the "soft delete").
:: What the PowerShell does, in order:
::   - Compiles a C# helper class (Privileges) with Add-Type and uses it to enable
::     SeRestorePrivilege and SeTakeOwnershipPrivilege on the current process token.
::   - Builds a FullControl allow rule for the account behind SID S-1-5-32-544.
::   - Resolves the pattern with Get-Item; ItemNotFoundException is swallowed on purpose.
::   - For each match: skips folders and names that already end in .OLD, saves the current ACL,
::     sets that account as owner and adds the FullControl rule, moves the file with -Force, then
::     re-applies the saved ACL to the renamed file (or to the original if the move failed).
::   - Prints renamed, skipped and failed counts and clears both privileges again.
:: For auditing or undoing this step: the file is renamed, not removed, so the .OLD copy stays
:: in the same folder.
:: NOTE(review): $revert is never assigned in this command, so the revert branches are not taken here.
:: NOTE(review): the "not found" branch inside the loop calls exit 0, which ends the whole command
::   before later matches are handled and before RemovePrivilege runs; continue looks intended.
:: NOTE(review): AddPrivilege and RemovePrivilege overwrite retVal after OpenProcessToken and
::   LookupPrivilegeValue, so only the AdjustTokenPrivileges result is returned, and the callers
::   discard it with Out-Null; the token handle is not closed in the visible code.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\drivers\mpsdrv.sys"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Suggest restarting computer for changes to take effect
:: Prints the restart reminder. $warn is hard-coded to $false, so the Write-Warning branch is not
:: taken: "Note: " is written in blue with Write-Host and the message itself with Write-Output.
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart your computer.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
:: Disable "Windows Defender Firewall" service (breaks Microsoft Store, `netsh advfirewall`, winget, Windows Sandbox, Docker, WSL)
:: Console banner for this section; the parenthesised list is the script's own statement of features that stop working.
:: NOTE(review): the steps under this banner disable the Windows Defender Firewall service itself, which
::   presumably leaves the host without its built-in packet filtering - confirm another control covers it.
echo --- Disable "Windows Defender Firewall" service (breaks Microsoft Store, `netsh advfirewall`, winget, Windows Sandbox, Docker, WSL)
:: Disable the service `MpsSvc` 
:: Stops and disables the service named in $serviceQuery ('MpsSvc') from one PowerShell command.
:: Steps, numbered as in the inline PowerShell block comments:
::   1. Exit 0 if Get-Service finds no such service.
::   2. If it is running, call Stop-Service -Force, with -NoWait because $stopWithDependencies
::      is $false; a failed stop only produces a warning.
::   3. Exit 0 if HKLM:\SYSTEM\CurrentControlSet\Services\NAME is missing.
::   4. Exit 0 if the Start value of that key is already 4.
::   5. Write Start = 4; exit 1 if the write fails.
:: For auditing or undoing this step, the lasting change is the Start value under that registry key;
:: the previous value is not recorded anywhere by this command.
:: NOTE(review): "Stopped ... successfully" is printed right after a -NoWait request, so it reports that
::   the stop was requested, not that the service has stopped.
:: NOTE(review): the step 3 message says "cannot enable it" although this command disables; it looks
::   copied from a revert script.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceQuery = 'MpsSvc'; $stopWithDependencies= $false; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""; Exit 0; }; $serviceName = $service.Name; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""; try { Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""; $stopParams = @{ Name = $ServiceName; Force = $true; ErrorAction = 'Stop'; }; if (-not $stopWithDependencies) { $stopParams['NoWait'] = $true; }; Stop-Service @stopParams; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { if ($_.FullyQualifiedErrorId -eq 'CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand') { Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""; } else { Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""; }; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if service info is not found in registry #>; $registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""; if (-Not (Test-Path $registryKey)) { Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""; Exit 0; }; <# -- 4. Skip if already disabled #>; if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) { Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""; Exit 0; }; <# -- 5. 
Disable service #>; try { Set-ItemProperty -LiteralPath $registryKey -Name "^""Start"^"" -Value 4 -ErrorAction Stop; Write-Host 'Successfully disabled the service. It will not start automatically on next boot.'; } catch { Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""; Exit 1; }"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\mpssvc.dll" with additional permissions 
:: Renames each file matching the expanded pattern to the same name plus ".OLD" (the "soft delete").
:: What the PowerShell does, in order:
::   - Compiles a C# helper class (Privileges) with Add-Type and uses it to enable
::     SeRestorePrivilege and SeTakeOwnershipPrivilege on the current process token.
::   - Builds a FullControl allow rule for the account behind SID S-1-5-32-544.
::   - Resolves the pattern with Get-Item; ItemNotFoundException is swallowed on purpose.
::   - For each match: skips folders and names that already end in .OLD, saves the current ACL,
::     sets that account as owner and adds the FullControl rule, moves the file with -Force, then
::     re-applies the saved ACL to the renamed file (or to the original if the move failed).
::   - Prints renamed, skipped and failed counts and clears both privileges again.
:: For auditing or undoing this step: the file is renamed, not removed, so the .OLD copy stays
:: in the same folder.
:: NOTE(review): $revert is never assigned in this command, so the revert branches are not taken here.
:: NOTE(review): the "not found" branch inside the loop calls exit 0, which ends the whole command
::   before later matches are handled and before RemovePrivilege runs; continue looks intended.
:: NOTE(review): AddPrivilege and RemovePrivilege overwrite retVal after OpenProcessToken and
::   LookupPrivilegeValue, so only the AdjustTokenPrivileges result is returned, and the callers
::   discard it with Out-Null; the token handle is not closed in the visible code.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\mpssvc.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Suggest restarting computer for changes to take effect
:: Prints the restart reminder. $warn is hard-coded to $false, so the Write-Warning branch is not
:: taken: "Note: " is written in blue with Write-Host and the message itself with Write-Output.
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart your computer.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable Microsoft Security WFP callout driver-------
:: ----------------------------------------------------------
:: Console banner for this section. Unlike the firewall banners earlier in this file, it lists no side effects.
:: NOTE(review): what depends on this driver is not stated anywhere in the visible script - TODO confirm before running.
echo --- Disable Microsoft Security WFP callout driver
:: Disable service(s): `MsSecWfp`
:: Stops and disables the service 'MsSecWfp' from one PowerShell command.
:: Steps, numbered as in the inline PowerShell block comments:
::   1. Exit 0 if Get-Service finds no such service.
::   2. If it is running, call Stop-Service -Force; a failed stop only produces a warning.
::   3. Read the start type from the service object, falling back to two Win32_Service WMI
::      queries when that property is empty; exit 0 if the result is 'Disabled'.
::   4. Set-Service -StartupType Disabled; a failure is reported with Write-Error.
:: For auditing or undoing this step, the lasting change is the startup type of the service;
:: the previous startup type is not recorded anywhere by this command.
:: NOTE(review): the step 1 message reads "could not be not found"; the second "not" looks like a typo.
:: NOTE(review): the failure path of step 4 has no explicit Exit 1, unlike the registry-based
::   disable commands used for mpsdrv and MpsSvc in this file.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'MsSecWfp'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\drivers\mssecwfp.sys" with additional permissions 
:: Renames each file matching the expanded pattern to the same name plus ".OLD" (the "soft delete").
:: What the PowerShell does, in order:
::   - Compiles a C# helper class (Privileges) with Add-Type and uses it to enable
::     SeRestorePrivilege and SeTakeOwnershipPrivilege on the current process token.
::   - Builds a FullControl allow rule for the account behind SID S-1-5-32-544.
::   - Resolves the pattern with Get-Item; ItemNotFoundException is swallowed on purpose.
::   - For each match: skips folders and names that already end in .OLD, saves the current ACL,
::     sets that account as owner and adds the FullControl rule, moves the file with -Force, then
::     re-applies the saved ACL to the renamed file (or to the original if the move failed).
::   - Prints renamed, skipped and failed counts and clears both privileges again.
:: For auditing or undoing this step: the file is renamed, not removed, so the .OLD copy stays
:: in the same folder.
:: NOTE(review): $revert is never assigned in this command, so the revert branches are not taken here.
:: NOTE(review): the "not found" branch inside the loop calls exit 0, which ends the whole command
::   before later matches are handled and before RemovePrivilege runs; continue looks intended.
:: NOTE(review): AddPrivilege and RemovePrivilege overwrite retVal after OpenProcessToken and
::   LookupPrivilegeValue, so only the AdjustTokenPrivileges result is returned, and the callers
::   discard it with Out-Null; the token handle is not closed in the visible code.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\drivers\mssecwfp.sys"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\mssecwfpu.dll" with additional permissions 
:: Renames each file matching the expanded pattern to the same name plus ".OLD" (the "soft delete").
:: What the PowerShell does, in order:
::   - Compiles a C# helper class (Privileges) with Add-Type and uses it to enable
::     SeRestorePrivilege and SeTakeOwnershipPrivilege on the current process token.
::   - Builds a FullControl allow rule for the account behind SID S-1-5-32-544.
::   - Resolves the pattern with Get-Item; ItemNotFoundException is swallowed on purpose.
::   - For each match: skips folders and names that already end in .OLD, saves the current ACL,
::     sets that account as owner and adds the FullControl rule, moves the file with -Force, then
::     re-applies the saved ACL to the renamed file (or to the original if the move failed).
::   - Prints renamed, skipped and failed counts and clears both privileges again.
:: For auditing or undoing this step: the file is renamed, not removed, so the .OLD copy stays
:: in the same folder.
:: NOTE(review): $revert is never assigned in this command, so the revert branches are not taken here.
:: NOTE(review): the "not found" branch inside the loop calls exit 0, which ends the whole command
::   before later matches are handled and before RemovePrivilege runs; continue looks intended.
:: NOTE(review): AddPrivilege and RemovePrivilege overwrite retVal after OpenProcessToken and
::   LookupPrivilegeValue, so only the AdjustTokenPrivileges result is returned, and the callers
::   discard it with Out-Null; the token handle is not closed in the visible code.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\mssecwfpu.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
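:: ----------------------------------------------------------
:: ------Disable SmartScreen checks for apps and files-------
:: ----------------------------------------------------------
:: Writes three machine-wide (HKLM) values, so it depends on the elevation
:: check at the top of the script. reg.exe is called directly: the data is a
:: fixed literal, so no separate PowerShell process (and no unused
:: $registryPath assignment) is needed to pass it.
:: Audit or roll back: "reg query KEY /v VALUE" shows the current data and
:: "reg delete KEY /v VALUE /f" removes the policy value. Record the existing
:: Explorer data first, because this section overwrites it without saving it.
echo --- Disable SmartScreen checks for apps and files
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer!SmartScreenEnabled"
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f
:: Set the registry value: "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer!SmartScreenEnabled"
reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\System!EnableSmartScreen"
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t REG_DWORD /d "0" /f
:: ----------------------------------------------------------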
 
 
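:: ----------------------------------------------------------
:: ------Enable SmartScreen warning dismissal for apps-------
:: ----------------------------------------------------------
:: Sets the machine policy value ShellSmartScreenLevel to "Warn" with a direct
:: reg.exe call (the data is a fixed literal, so no PowerShell process is needed).
:: NOTE(review): the preceding section writes EnableSmartScreen = 0 under this
:: same key; presumably the level is only consulted while SmartScreen is
:: enabled, so confirm this value has any effect in that combination.
echo --- Enable SmartScreen warning dismissal for apps
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\System!ShellSmartScreenLevel"
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "ShellSmartScreenLevel" /t REG_SZ /d "Warn" /f
:: ----------------------------------------------------------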
 
 
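:: ----------------------------------------------------------
:: -----------------Disable Edge SmartScreen-----------------
:: ----------------------------------------------------------
:: Sets the Edge machine policy SmartScreenEnabled to 0 with a direct reg.exe
:: call (the data is a fixed literal, so no PowerShell process is needed).
:: Values under Policies\Microsoft\Edge are listed by Edge on its edge://policy
:: page, which is a quick way to confirm what a machine has applied.
:: Deleting the value returns the policy to "not configured".
echo --- Disable Edge SmartScreen
:: Configure "SmartScreenEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!SmartScreenEnabled"
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenEnabled" /t REG_DWORD /d "0" /f
:: ----------------------------------------------------------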
 
 
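:: ----------------------------------------------------------
:: --Disable Edge SmartScreen for potentially unwanted apps--
:: ----------------------------------------------------------
:: Sets the Edge machine policy SmartScreenPuaEnabled to 0, which per the
:: section title turns off SmartScreen handling of potentially unwanted apps.
:: reg.exe is called directly because the data is a fixed literal.
:: Deleting the value returns the policy to "not configured".
echo --- Disable Edge SmartScreen for potentially unwanted apps
:: Configure "SmartScreenPuaEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!SmartScreenPuaEnabled"
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenPuaEnabled" /t REG_DWORD /d "0" /f
:: ----------------------------------------------------------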
 
 
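:: ----------------------------------------------------------
:: --------Enable Edge SmartScreen warning dismissal---------
:: ----------------------------------------------------------
:: Sets the Edge machine policy PreventSmartScreenPromptOverride to 0, which
:: leaves users able to continue past a SmartScreen site warning (1 would
:: remove that option). reg.exe is called directly because the data is a
:: fixed literal. Deleting the value returns the policy to "not configured".
echo --- Enable Edge SmartScreen warning dismissal
:: Configure "PreventSmartScreenPromptOverride" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!PreventSmartScreenPromptOverride"
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverride" /t REG_DWORD /d "0" /f
:: ----------------------------------------------------------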
 
 
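:: ----------------------------------------------------------
:: ---Enable Edge SmartScreen warning dismissal for files----
:: ----------------------------------------------------------
:: Sets the Edge machine policy PreventSmartScreenPromptOverrideForFiles to 0,
:: which leaves users able to keep a download that SmartScreen warned about
:: (1 would remove that option). reg.exe is called directly because the data
:: is a fixed literal. Deleting the value returns the policy to "not configured".
echo --- Enable Edge SmartScreen warning dismissal for files
:: Configure "PreventSmartScreenPromptOverrideForFiles" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!PreventSmartScreenPromptOverrideForFiles"
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "PreventSmartScreenPromptOverrideForFiles" /t REG_DWORD /d "0" /f
:: ----------------------------------------------------------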
 
 
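:: ----------------------------------------------------------
:: ----------Disable Edge SmartScreen DNS requests-----------
:: ----------------------------------------------------------
:: Sets the Edge machine policy SmartScreenDnsRequestsEnabled to 0, which per
:: the section title stops the DNS requests made on behalf of SmartScreen.
:: reg.exe is called directly because the data is a fixed literal.
:: Deleting the value returns the policy to "not configured".
echo --- Disable Edge SmartScreen DNS requests
:: Configure "SmartScreenDnsRequestsEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!SmartScreenDnsRequestsEnabled"
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenDnsRequestsEnabled" /t REG_DWORD /d "0" /f
:: ----------------------------------------------------------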
 
 
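:: Disable Edge SmartScreen checks on downloads from trusted sources
:: Sets the Edge machine policy SmartScreenForTrustedDownloadsEnabled to 0.
:: Which sources Edge counts as trusted is not defined in this script, so
:: confirm that against the policy documentation before relying on the scope.
:: reg.exe is called directly because the data is a fixed literal.
:: Deleting the value returns the policy to "not configured".
echo --- Disable Edge SmartScreen checks on downloads from trusted sources
:: Configure "SmartScreenForTrustedDownloadsEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!SmartScreenForTrustedDownloadsEnabled"
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenForTrustedDownloadsEnabled" /t REG_DWORD /d "0" /f
:: ----------------------------------------------------------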
 
 
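:: ----------------------------------------------------------
:: -----Disable outdated Edge SmartScreen library update-----
:: ----------------------------------------------------------
:: Sets the Edge machine policy NewSmartScreenLibraryEnabled to 0.
:: The section title calls this policy outdated; confirm on edge://policy
:: whether the installed Edge version still reads it.
:: reg.exe is called directly because the data is a fixed literal.
echo --- Disable outdated Edge SmartScreen library update
:: Configure "NewSmartScreenLibraryEnabled" Edge policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Edge!NewSmartScreenLibraryEnabled"
reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "NewSmartScreenLibraryEnabled" /t REG_DWORD /d "0" /f
:: ----------------------------------------------------------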
 
 
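:: ----------------------------------------------------------
:: ------------Disable Edge (Legacy) SmartScreen-------------
:: ----------------------------------------------------------
:: Writes PhishingFilter!EnabledV9 = 0 in two places: the machine policy key
:: and the per-user AppContainer storage of the legacy Edge package.
:: HKCU is the hive of the account the elevated process runs as; where
:: elevation used a different administrator account than the signed-in user,
:: the signed-in user's hive is left unchanged.
:: reg.exe is called directly because the data is a fixed literal.
echo --- Disable Edge (Legacy) SmartScreen
:: Configure "EnabledV9" Edge (Legacy) policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter!EnabledV9"
reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
:: Set the registry value: "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter!EnabledV9"
reg add "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
:: ----------------------------------------------------------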
 
 
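:: ----------------------------------------------------------
:: ----Enable Edge (Legacy) SmartScreen warning dismissal----
:: ----------------------------------------------------------
:: Writes PhishingFilter!PreventOverride = 0 in the machine policy key and in
:: the per-user AppContainer storage of the legacy Edge package; per the
:: section title, 0 leaves users able to dismiss a SmartScreen warning.
:: HKCU is the hive of the account the elevated process runs as; where
:: elevation used a different administrator account than the signed-in user,
:: the signed-in user's hive is left unchanged.
:: reg.exe is called directly because the data is a fixed literal.
echo --- Enable Edge (Legacy) SmartScreen warning dismissal
:: Configure "PreventOverride" Edge (Legacy) policy
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter!PreventOverride"
reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "PreventOverride" /t REG_DWORD /d "0" /f
:: Set the registry value: "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter!PreventOverride"
reg add "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "PreventOverride" /t REG_DWORD /d "0" /f
:: ----------------------------------------------------------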
 
 
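:: ----------------------------------------------------------
:: ------Disable outdated Internet Explorer SmartScreen------
:: ----------------------------------------------------------
:: Writes the machine policy value 2301 = 3 for Internet Explorer security
:: zones 0 through 4 (local machine, local intranet, trusted sites, internet,
:: restricted sites). 2301 is presumably the SmartScreen Filter URL action and
:: 3 its "disable" setting; verify against the URL action documentation.
:: The five paths are kept as separate literal lines so each key can be found
:: with a plain text search. reg.exe is called directly because the data is a
:: fixed literal. Deleting a value returns that zone's policy to "not configured".
echo --- Disable outdated Internet Explorer SmartScreen
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2301"
reg add "HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v "2301" /t REG_DWORD /d "3" /f
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2301"
reg add "HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v "2301" /t REG_DWORD /d "3" /f
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2301"
reg add "HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v "2301" /t REG_DWORD /d "3" /f
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2301"
reg add "HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "2301" /t REG_DWORD /d "3" /f
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2301"
reg add "HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v "2301" /t REG_DWORD /d "3" /f
:: ----------------------------------------------------------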
 
 
:: Disable outdated Internet Explorer SmartScreen Filter component
echo --- Disable outdated Internet Explorer SmartScreen Filter component
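:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\ieapfltr.dll" with additional permissions
:: "Soft delete" here means renaming each match to NAME.OLD. To do that the command enables
:: SeRestorePrivilege and SeTakeOwnershipPrivilege, makes the Administrators group (S-1-5-32-544)
:: owner with full control, moves the file, then re-applies the ACL it saved beforehand.
:: NOTE(review): the "not found" branch inside the loop calls "exit 0" where "continue" looks intended,
:: and the AddPrivilege results are piped to Out-Null, so a privilege that was not enabled is only
:: noticed when Set-Acl or Move-Item fails.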
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\ieapfltr.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\SysWOW64\ieapfltr.dll" with additional permissions 
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\SysWOW64\ieapfltr.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
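:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0} as TrustedInstaller
:: The key's values are renamed with a ".OLD" suffix, then the key is copied to a ".OLD"-suffixed
:: name together with its ACL (owner excluded) and the original key is removed.
:: The work is written to a temporary .ps1 file and run through a scheduled task named
:: "privacy.sexy invoke", started under the TrustedInstaller service SID and deleted afterwards,
:: so scheduled-task auditing should show a short-lived register, run and delete sequence.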
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
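:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0} as TrustedInstaller
:: "Soft-delete" means rename, not remove: every value and subkey under the key, then the key itself, gets the suffix ".OLD" (copy to the new name, copy the ACL except its owner, remove the original).
:: The renaming script is written to a temporary .ps1 file and run by a one-off scheduled task named "privacy.sexy invoke" under the TrustedInstaller service SID; the task and both temporary files are deleted afterwards.
:: The .ps1 file is created with New-TemporaryFile, so presumably the permissions of the invoking account's temp folder decide who can modify it before the task runs it.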
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
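:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{3BC4EE9F-1FC1-44DB-81FA-AD94DEC7AF30} as TrustedInstaller
:: The key is not removed: its values, its subkeys and the key itself are renamed with a ".OLD" suffix by a script that a temporary scheduled task runs under the TrustedInstaller service SID.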
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{3BC4EE9F-1FC1-44DB-81FA-AD94DEC7AF30}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
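:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{3BC4EE9F-1FC1-44DB-81FA-AD94DEC7AF30} as TrustedInstaller
:: The key is not removed: its values, its subkeys and the key itself are renamed with a ".OLD" suffix by a script that a temporary scheduled task runs under the TrustedInstaller service SID.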
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{3BC4EE9F-1FC1-44DB-81FA-AD94DEC7AF30}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------------Disable SmartScreen process----------------
:: ----------------------------------------------------------
echo --- Disable SmartScreen process
:: Check and terminate the running process "smartscreen.exe"
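:: tasklist prints the matching processes as CSV; find /i leaves ERRORLEVEL at 0 only when
:: the image name appears in that output, i.e. when the process is running.
:: The branches are an explicit if/else so that a failing taskkill does not also print
:: the "not running" message.
tasklist /fi "ImageName eq smartscreen.exe" /fo csv 2>NUL | find /i "smartscreen.exe">NUL
if errorlevel 1 (
    echo Skipping, smartscreen.exe is not running.
) else (
    echo smartscreen.exe is running and will be killed.
    taskkill /f /im smartscreen.exe
)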
:: Configure termination of "smartscreen.exe" immediately upon its startup
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe!Debugger"
:: Writes the value Debugger (REG_SZ) under the Image File Execution Options key of smartscreen.exe,
:: with the path of taskkill.exe as data; cmd expands the SYSTEMROOT variable before PowerShell
:: parses the command, so the stored string is the resolved path.
:: $registryPath is assigned but never read; the key path is repeated literally in the reg add call.
:: reg add /f overwrites an existing Debugger value without prompting.
:: NOTE(review): IFEO Debugger values are a registry location that endpoint monitoring commonly
:: watches (MITRE ATT&CK T1546.012), so this change may raise an alert; deleting the value reverts it.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe' /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Add a rule to prevent the executable "smartscreen.exe" from running via File Explorer
:: Looks under the DisallowRun key for an entry whose data equals smartscreen.exe and exits 0 when
:: one exists. Otherwise it picks the lowest unused numeric value name starting at 1, creates the
:: key when it is missing, and stores the file name under that index as a String value.
:: Failures inside the try block are reported with Write-Error and the command exits 1.
:: The key is under HKCU, so the rule is written to the hive of the account this command runs as;
:: presumably that is the elevated account, which need not be the signed-in user - verify.
:: NOTE(review): the backtick left before -ErrorAction looks like a line continuation from a
:: multi-line original; confirm it still parses as intended on a single line.
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='smartscreen.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
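:: Sets DisallowRun (DWORD) to 1 under the HKCU Policies\Explorer key, the switch that activates
:: the numbered entries of the DisallowRun subkey.
:: The value is created when it is missing or empty, left alone when it is already 1, and
:: overwritten when it holds anything else. Failures are reported with Write-Error and exit 1.
:: The "Updating ..." message is a double-quoted string so the current value is interpolated
:: into it; in a single-quoted string the variable name and the escape characters print literally.
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output "^""Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^""."^""; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"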
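:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\smartscreen.exe" with additional permissions
:: Each match is renamed with a ".OLD" suffix rather than removed. To make the rename possible, the command enables SeRestorePrivilege and SeTakeOwnershipPrivilege, makes the Administrators group the owner with FullControl, then tries to put the saved ACL back on the file and removes both privileges at the end.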
:: Review notes for the command below (all of it runs inside one PowerShell process):
::  - Target: the single path "%SYSTEMROOT%\System32\smartscreen.exe". A match is renamed to the
::    same path plus ".OLD" with Move-Item -Force, so the file stays on disk under the new name.
::  - `$revert` is never assigned in this command, so `$revert -eq $true` is false and only the
::    forward (rename to .OLD) branch runs.
::  - Before the rename the owner is set to BUILTIN\Administrators (SID S-1-5-32-544) and a
::    FullControl allow rule is added; SeRestorePrivilege and SeTakeOwnershipPrivilege are enabled
::    on the process token first. The ACL captured beforehand is re-applied afterwards (to the
::    renamed file on success, to the original on failure); a failed restore is only a warning.
::  - AddPrivilege and RemovePrivilege return only the AdjustTokenPrivileges result and the callers
::    pipe it to Out-Null, so a failed privilege change surfaces later as an ACL or rename error.
::  - The "not found" branch inside the loop calls `exit 0`, which ends PowerShell before the
::    RemovePrivilege calls at the end.
::  - NOTE(review): the section treats this file as the SmartScreen executable; renaming it is
::    expected to stop SmartScreen checks until the file is restored - confirm on the target build.
::    For auditing, "smartscreen.exe.OLD" in System32 shows that this step ran.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\smartscreen.exe"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Disable SmartScreen libraries---------------
:: ----------------------------------------------------------
:: Progress marker printed to the console. The four steps that follow rename the System32 and
:: SysWOW64 copies of smartscreen.dll and smartscreenps.dll to "*.OLD"; the files are kept on disk.
echo --- Disable SmartScreen libraries
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\smartscreen.dll" with additional permissions 
:: Review notes for the command below:
::  - "Soft delete" here means rename: a match for "%SYSTEMROOT%\System32\smartscreen.dll" is moved
::    to the same path plus ".OLD" (Move-Item -Force); nothing is erased.
::  - "Additional permissions" means: SeRestorePrivilege and SeTakeOwnershipPrivilege are enabled,
::    the owner becomes BUILTIN\Administrators (S-1-5-32-544) with a FullControl allow rule, and the
::    ACL read before the change is written back afterwards (a failed write-back is only a warning).
::  - `$revert` is not set anywhere in this command, so the revert branches never run.
::  - NOTE(review): renaming a SmartScreen library is expected to break the feature that loads it;
::    confirm the effect on the target build. The ".OLD" file next to the original location is the
::    artifact to look for when auditing or undoing this step.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\smartscreen.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\smartscreenps.dll" with additional permissions 
:: Review notes for the command below:
::  - Renames "%SYSTEMROOT%\System32\smartscreenps.dll" to "smartscreenps.dll.OLD" in place.
::  - Outcome is reported on the console only: Write-Host for processed and skipped counts,
::    Write-Warning when $failedCount is above zero. The batch line does not test the PowerShell
::    exit code, so the script continues regardless of the result.
::  - The privileges enabled at the start are dropped only by the two RemovePrivilege calls at the
::    very end; the early `exit 0` paths (no match, file missing inside the loop) end the process
::    without calling them.
::  - Ownership is taken from the current owner (the inline comment names TrustedInstaller) for the
::    rename, then the ACL captured before the change is re-applied.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\smartscreenps.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\SysWOW64\smartscreen.dll" with additional permissions 
:: Review notes for the command below:
::  - Renames "%SYSTEMROOT%\SysWOW64\smartscreen.dll" to "smartscreen.dll.OLD" (Move-Item -Force).
::  - If Get-Item finds nothing, the ItemNotFoundException is swallowed and the command prints
::    "Skipping, no items available." and exits 0. NOTE(review): presumably the case on systems
::    without a SysWOW64 directory - confirm.
::  - Any other Get-Item error (for example access denied) is not caught and ends the command.
::  - Path handling is mixed: Move-Item uses -LiteralPath, while Test-Path, Get-Acl and Set-Acl use
::    -Path, which treats wildcard characters in a path as a pattern.
::  - Ownership is set to BUILTIN\Administrators (S-1-5-32-544) with a FullControl allow rule for
::    the rename; the earlier ACL is then written back.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\SysWOW64\smartscreen.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\SysWOW64\smartscreenps.dll" with additional permissions 
:: Review notes for the command below:
::  - Renames "%SYSTEMROOT%\SysWOW64\smartscreenps.dll" to "smartscreenps.dll.OLD"; the file is
::    kept, so undoing the step means renaming it back.
::  - The C# helper compiled by Add-Type opens the process token with TOKEN_ADJUST_PRIVILEGES and
::    TOKEN_QUERY and never closes the handle; the results of OpenProcessToken and
::    LookupPrivilegeValue are overwritten before they are checked.
::  - Sorting the matches by descending path length has no effect here because the pattern names
::    one file without wildcards.
::  - NOTE(review): Windows servicing or a repair may put the original file back - verify after
::    updates.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\SysWOW64\smartscreenps.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Disable SmartScreen integrations-------------
:: ----------------------------------------------------------
:: Progress marker printed to the console. The step after it soft-deletes a registry key under
:: HKLM\SOFTWARE\Classes\Interface through a scheduled task that is registered, run as the
:: TrustedInstaller service account and then deleted again.
echo --- Disable SmartScreen integrations
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{741baa78-e96f-466c-9ffa-81af5ce4cd59} as TrustedInstaller
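:: Target: HKLM\SOFTWARE\Classes\Interface\{741baa78-e96f-466c-9ffa-81af5ce4cd59}
:: Mechanism: the one-liner below defines Invoke-AsTrustedInstaller, which
::   1. writes the payload to a temporary .ps1 file and registers a scheduled
::      task named "privacy.sexy invoke" (an existing task of that name is
::      deleted first);
::   2. starts the task via the Schedule.Service COM object (RunEx) under the
::      account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
::      translates to, running powershell.exe with -ExecutionPolicy Bypass and
::      capturing all payload output streams in a second temporary file;
::   3. polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task
::      still running) for at most 5 minutes, and reports a non-zero final
::      result with Write-Error; on timeout it only stops waiting;
::   4. deletes the task, prints the captured output and removes both
::      temporary files (finally blocks).
:: Payload: a soft delete, nothing is erased. Each value under the key is
:: renamed with the suffix .OLD, subkeys are handled recursively, then the key
:: is copied to KEY.OLD (further .OLD suffixes are appended while that name
:: exists), its ACL is copied without the owner section, and the original key
:: is removed. If removal fails, the copy is removed and the error rethrown.
:: Review notes:
::   - A failed ACL copy is only a warning, so the .OLD key may not carry the
::     original permissions; look for "Failed to copy ACL" in the output.
::   - Only the case where every item fails throws; partial failures show up
::     as warnings and in the Failed counter of the summary line.
::   - The payload is staged on disk before a more privileged principal runs
::     it; confirm the temp directory of the elevated caller is not writable
::     by less-privileged accounts.
::   - Keep the command on one physical line: cmd reads the quoted -Command
::     argument from a single line.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{741baa78-e96f-466c-9ffa-81af5ce4cd59}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"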
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{741baa78-e96f-466c-9ffa-81af5ce4cd59} as TrustedInstaller
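:: Target: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{741baa78-e96f-466c-9ffa-81af5ce4cd59}
:: (the WOW6432Node, i.e. 32-bit view, path for this interface GUID).
:: Mechanism: Invoke-AsTrustedInstaller stages the payload in a temporary .ps1
:: file, registers a scheduled task named "privacy.sexy invoke", starts it via
:: Schedule.Service RunEx under the account that SID
:: S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to,
:: waits up to 5 minutes while LastTaskResult is 267009 (0x41301, task still
:: running), then deletes the task, prints the captured output and removes the
:: temporary files. A non-zero task result is reported with Write-Error.
:: Payload: soft delete only. Values get the suffix .OLD, subkeys are handled
:: recursively, each key is copied to KEY.OLD with its ACL (owner section
:: excluded) and the original key is removed; a failed removal rolls the copy
:: back and rethrows.
:: Review notes: a failed ACL copy is only a warning, so verify permissions on
:: the .OLD key before using it for a restore; partial failures are visible
:: only in the warnings and the Failed counter; confirm the temp directory
:: that holds the staged script is not writable by less-privileged accounts.
:: Keep the command on one physical line: cmd reads the quoted -Command
:: argument from a single line.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{741baa78-e96f-466c-9ffa-81af5ce4cd59}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"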
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{a3104ea9-a816-4fdc-860c-75408a04b686} as TrustedInstaller
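:: Target: HKLM\SOFTWARE\Classes\Interface\{a3104ea9-a816-4fdc-860c-75408a04b686}
:: Mechanism: Invoke-AsTrustedInstaller stages the payload in a temporary .ps1
:: file, registers a scheduled task named "privacy.sexy invoke", starts it via
:: Schedule.Service RunEx under the account that SID
:: S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to,
:: waits up to 5 minutes while LastTaskResult is 267009 (0x41301, task still
:: running), then deletes the task, prints the captured output and removes the
:: temporary files. A non-zero task result is reported with Write-Error.
:: Payload: soft delete only. Values get the suffix .OLD, subkeys are handled
:: recursively, each key is copied to KEY.OLD with its ACL (owner section
:: excluded) and the original key is removed; a failed removal rolls the copy
:: back and rethrows.
:: Review notes: a failed ACL copy is only a warning, so verify permissions on
:: the .OLD key before using it for a restore; partial failures are visible
:: only in the warnings and the Failed counter; confirm the temp directory
:: that holds the staged script is not writable by less-privileged accounts.
:: Keep the command on one physical line: cmd reads the quoted -Command
:: argument from a single line.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{a3104ea9-a816-4fdc-860c-75408a04b686}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"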
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{a3104ea9-a816-4fdc-860c-75408a04b686} as TrustedInstaller
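:: Target: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{a3104ea9-a816-4fdc-860c-75408a04b686}
:: (the WOW6432Node, i.e. 32-bit view, path for this interface GUID).
:: Mechanism: Invoke-AsTrustedInstaller stages the payload in a temporary .ps1
:: file, registers a scheduled task named "privacy.sexy invoke", starts it via
:: Schedule.Service RunEx under the account that SID
:: S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to,
:: waits up to 5 minutes while LastTaskResult is 267009 (0x41301, task still
:: running), then deletes the task, prints the captured output and removes the
:: temporary files. A non-zero task result is reported with Write-Error.
:: Payload: soft delete only. Values get the suffix .OLD, subkeys are handled
:: recursively, each key is copied to KEY.OLD with its ACL (owner section
:: excluded) and the original key is removed; a failed removal rolls the copy
:: back and rethrows.
:: Review notes: a failed ACL copy is only a warning, so verify permissions on
:: the .OLD key before using it for a restore; partial failures are visible
:: only in the warnings and the Failed counter; confirm the temp directory
:: that holds the staged script is not writable by less-privileged accounts.
:: Keep the command on one physical line: cmd reads the quoted -Command
:: argument from a single line.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{a3104ea9-a816-4fdc-860c-75408a04b686}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"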
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{16ae6386-0aa2-45fc-aab2-f2ee3a0f3188} as TrustedInstaller
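:: Target: HKLM\SOFTWARE\Classes\Interface\{16ae6386-0aa2-45fc-aab2-f2ee3a0f3188}
:: Mechanism: Invoke-AsTrustedInstaller stages the payload in a temporary .ps1
:: file, registers a scheduled task named "privacy.sexy invoke", starts it via
:: Schedule.Service RunEx under the account that SID
:: S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to,
:: waits up to 5 minutes while LastTaskResult is 267009 (0x41301, task still
:: running), then deletes the task, prints the captured output and removes the
:: temporary files. A non-zero task result is reported with Write-Error.
:: Payload: soft delete only. Values get the suffix .OLD, subkeys are handled
:: recursively, each key is copied to KEY.OLD with its ACL (owner section
:: excluded) and the original key is removed; a failed removal rolls the copy
:: back and rethrows.
:: Review notes: a failed ACL copy is only a warning, so verify permissions on
:: the .OLD key before using it for a restore; partial failures are visible
:: only in the warnings and the Failed counter; confirm the temp directory
:: that holds the staged script is not writable by less-privileged accounts.
:: Keep the command on one physical line: cmd reads the quoted -Command
:: argument from a single line.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{16ae6386-0aa2-45fc-aab2-f2ee3a0f3188}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"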
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{16ae6386-0aa2-45fc-aab2-f2ee3a0f3188} as TrustedInstaller
:: Reviewer notes on the command below (derived from its text):
:: - Invoke-AsTrustedInstaller saves the generated script to a temporary .ps1 file, registers
::   a scheduled task named "privacy.sexy invoke" and starts it with RunEx under the account
::   that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to.
::   It polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task still running)
::   for at most 5 minutes, prints the captured output, then deletes the task and temp files.
:: - NOTE(review): the .ps1 comes from New-TemporaryFile and is run with -ExecutionPolicy Bypass
::   under that service identity, so the temp directory should not be writable by less-privileged
::   processes between Out-File and task start - confirm the directory ACL on the target system.
:: - Rename-KeyTree renames every value, then recurses into every subkey, then renames the key
::   itself by appending the ".OLD" suffix; names that already end in ".OLD" are skipped.
:: - Rename-KeyWithAcl copies the key, copies its ACL without the Owner section, then removes
::   the original. A failed ACL copy only logs a warning, so the ".OLD" copy may carry
::   different permissions than the original key - check with Get-Acl after the run.
:: - The generated script throws only when every item failed; partial failures are warnings.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{16ae6386-0aa2-45fc-aab2-f2ee3a0f3188}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{680d04e6-9661-4ac5-b962-58b112ffa5e6} as TrustedInstaller
:: Reviewer notes on the command below (derived from its text):
:: - Invoke-AsTrustedInstaller saves the generated script to a temporary .ps1 file, registers
::   a scheduled task named "privacy.sexy invoke" and starts it with RunEx under the account
::   that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to.
::   It polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task still running)
::   for at most 5 minutes, prints the captured output, then deletes the task and temp files.
:: - NOTE(review): the .ps1 comes from New-TemporaryFile and is run with -ExecutionPolicy Bypass
::   under that service identity, so the temp directory should not be writable by less-privileged
::   processes between Out-File and task start - confirm the directory ACL on the target system.
:: - Rename-KeyTree renames every value, then recurses into every subkey, then renames the key
::   itself by appending the ".OLD" suffix; names that already end in ".OLD" are skipped.
:: - Rename-KeyWithAcl copies the key, copies its ACL without the Owner section, then removes
::   the original. A failed ACL copy only logs a warning, so the ".OLD" copy may carry
::   different permissions than the original key - check with Get-Acl after the run.
:: - The generated script throws only when every item failed; partial failures are warnings.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{680d04e6-9661-4ac5-b962-58b112ffa5e6}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{680d04e6-9661-4ac5-b962-58b112ffa5e6} as TrustedInstaller
:: Reviewer notes on the command below (derived from its text):
:: - Invoke-AsTrustedInstaller saves the generated script to a temporary .ps1 file, registers
::   a scheduled task named "privacy.sexy invoke" and starts it with RunEx under the account
::   that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to.
::   It polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task still running)
::   for at most 5 minutes, prints the captured output, then deletes the task and temp files.
:: - NOTE(review): the .ps1 comes from New-TemporaryFile and is run with -ExecutionPolicy Bypass
::   under that service identity, so the temp directory should not be writable by less-privileged
::   processes between Out-File and task start - confirm the directory ACL on the target system.
:: - Rename-KeyTree renames every value, then recurses into every subkey, then renames the key
::   itself by appending the ".OLD" suffix; names that already end in ".OLD" are skipped.
:: - Rename-KeyWithAcl copies the key, copies its ACL without the Owner section, then removes
::   the original. A failed ACL copy only logs a warning, so the ".OLD" copy may carry
::   different permissions than the original key - check with Get-Acl after the run.
:: - The generated script throws only when every item failed; partial failures are warnings.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{680d04e6-9661-4ac5-b962-58b112ffa5e6}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{9ad9b845-b683-493e-8d39-45a56d54617d} as TrustedInstaller
:: Reviewer notes on the command below (derived from its text):
:: - Invoke-AsTrustedInstaller saves the generated script to a temporary .ps1 file, registers
::   a scheduled task named "privacy.sexy invoke" and starts it with RunEx under the account
::   that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to.
::   It polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task still running)
::   for at most 5 minutes, prints the captured output, then deletes the task and temp files.
:: - NOTE(review): the .ps1 comes from New-TemporaryFile and is run with -ExecutionPolicy Bypass
::   under that service identity, so the temp directory should not be writable by less-privileged
::   processes between Out-File and task start - confirm the directory ACL on the target system.
:: - Rename-KeyTree renames every value, then recurses into every subkey, then renames the key
::   itself by appending the ".OLD" suffix; names that already end in ".OLD" are skipped.
:: - Rename-KeyWithAcl copies the key, copies its ACL without the Owner section, then removes
::   the original. A failed ACL copy only logs a warning, so the ".OLD" copy may carry
::   different permissions than the original key - check with Get-Acl after the run.
:: - The generated script throws only when every item failed; partial failures are warnings.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{9ad9b845-b683-493e-8d39-45a56d54617d}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{9ad9b845-b683-493e-8d39-45a56d54617d} as TrustedInstaller
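:: The command below is ONE logical cmd line and must not be wrapped: the outer
:: PowerShell defines Invoke-AsTrustedInstaller, builds the payload text in $cmd
:: and hands it to that function.
:: Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers
:: a scheduled task named "privacy.sexy invoke", starts it through Schedule.Service
:: RunEx under the account the TrustedInstaller service SID resolves to, polls
:: LastTaskResult every 200 ms while it equals 267009 (0x41301, task still running)
:: for at most 5 minutes, prints the captured output, then deletes the task and
:: both temporary files.
:: Payload: renames every value under the key to NAME.OLD, recurses into subkeys,
:: then copies the key to KEY.OLD (ACL copied without the owner section) and removes
:: the original. The data is kept under the .OLD names, so renaming back undoes it.
:: NOTE(review): the payload is staged with New-TemporaryFile and then executed with
:: -ExecutionPolicy Bypass under the service account. Confirm the temp directory is
:: writable only by the elevated user, or stage the file in an admin-only path.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{9ad9b845-b683-493e-8d39-45a56d54617d}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"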
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{e9444d66-3ff9-5410-8984-f9063f825683} as TrustedInstaller
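:: The command below is ONE logical cmd line and must not be wrapped: the outer
:: PowerShell defines Invoke-AsTrustedInstaller, builds the payload text in $cmd
:: and hands it to that function, which runs it from a temporary .ps1 through a
:: scheduled task named "privacy.sexy invoke" started with RunEx under the account
:: the TrustedInstaller service SID resolves to.
:: Payload: renames every value under the key to NAME.OLD, recurses into subkeys,
:: then copies the key to KEY.OLD (ACL copied without the owner section) and removes
:: the original. The data is kept under the .OLD names, so renaming back undoes it.
:: NOTE(review): the wait loop polls LastTaskResult while it equals 267009 (0x41301,
:: task still running). On the 5 minute timeout it only breaks, so the check that
:: follows reports 267009 as a failure and the finally block deletes the task
:: definition. Whether a still-running instance is stopped is not visible here, and
:: the key may be left partly renamed. Re-check the key after a timeout warning.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{e9444d66-3ff9-5410-8984-f9063f825683}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"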
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{e9444d66-3ff9-5410-8984-f9063f825683} as TrustedInstaller
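:: The command below is ONE logical cmd line and must not be wrapped: the outer
:: PowerShell defines Invoke-AsTrustedInstaller, builds the payload text in $cmd
:: and hands it to that function, which runs it from a temporary .ps1 through a
:: scheduled task named "privacy.sexy invoke" started with RunEx under the account
:: the TrustedInstaller service SID resolves to.
:: Payload: renames every value under the key to NAME.OLD, recurses into subkeys,
:: then copies the key to KEY.OLD and removes the original. The data is kept under
:: the .OLD names, so renaming back undoes it.
:: NOTE(review): Copy-Acl copies every security descriptor section except Owner,
:: and a Copy-Acl failure is only reported as the warning "Failed to copy ACL" before
:: the original key is removed. After that warning the KEY.OLD copy keeps whatever
:: ACL Copy-Item produced, so inspect its permissions before relying on it.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{e9444d66-3ff9-5410-8984-f9063f825683}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"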
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{69c26f3c-53aa-56cc-818f-4be79004cd02} as TrustedInstaller
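:: The command below is ONE logical cmd line and must not be wrapped: the outer
:: PowerShell defines Invoke-AsTrustedInstaller, builds the payload text in $cmd
:: and hands it to that function, which runs it from a temporary .ps1 through a
:: scheduled task started with RunEx under the account the TrustedInstaller
:: service SID resolves to.
:: Payload: renames every value under the key to NAME.OLD, recurses into subkeys,
:: then copies the key to KEY.OLD (ACL copied without the owner section) and removes
:: the original. The data is kept under the .OLD names, so renaming back undoes it.
:: NOTE(review): every invocation force-deletes, registers, starts and deletes again
:: the task "privacy.sexy invoke" and launches powershell.exe with -ExecutionPolicy
:: Bypass -File on a temp .ps1. On monitored hosts this shows up as a scheduled-task
:: create and delete pair (Security events 4698 and 4699 when that auditing is on),
:: so agree an exclusion or a change window before running the script fleet-wide.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{69c26f3c-53aa-56cc-818f-4be79004cd02}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"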
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{69c26f3c-53aa-56cc-818f-4be79004cd02} as TrustedInstaller
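:: The command below is ONE logical cmd line and must not be wrapped: the outer
:: PowerShell defines Invoke-AsTrustedInstaller, builds the payload text in $cmd
:: and hands it to that function, which runs it from a temporary .ps1 through a
:: scheduled task named "privacy.sexy invoke" started with RunEx under the account
:: the TrustedInstaller service SID resolves to.
:: Payload: renames every value under the key to NAME.OLD, recurses into subkeys,
:: then copies the key to KEY.OLD (ACL copied without the owner section) and removes
:: the original. If KEY.OLD already exists another .OLD is appended until the name
:: is free. To roll back, rename the .OLD key and its .OLD values to the old names.
:: The summary counts ok, skip and fail per value and per key. The payload throws
:: only when every item failed, so a partial failure still ends with exit code 0.
:: NOTE(review): Rename-KeyWithAcl is declared as a plain function, so the
:: -ErrorAction Stop passed to it is presumably not bound as a common parameter.
:: Failures still reach the caller because the function throws on copy or remove.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{69c26f3c-53aa-56cc-818f-4be79004cd02}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"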
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{60f00258-24f8-5460-bb2d-853a614a50ec} as TrustedInstaller
:: What the one-liner below does:
::  1. Invoke-AsTrustedInstaller writes the payload ($cmd) to a temporary .ps1 file, registers a
::     scheduled task named "privacy.sexy invoke" and starts it through Schedule.Service RunEx under
::     the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
::     translates to (the TrustedInstaller service SID). The task launches powershell.exe with
::     -ExecutionPolicy Bypass and redirects all output streams to a second temporary file.
::  2. It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, task still running),
::     gives up after 5 minutes, then deletes the task, prints the captured output and removes both
::     temporary files. On timeout the task is deleted while it may still be running.
::  3. The payload (Rename-KeyTree) appends ".OLD" to every value name, recurses into subkeys, then
::     copies the key to KEY.OLD (appending further ".OLD" while that name exists), copies the ACL
::     without the owner section and removes the original key. The data stays under the .OLD names.
:: NOTE(review): the payload file sits on disk between Out-File and task start and is then executed
::     with the task principal's rights; its location is whatever New-TemporaryFile returns, so
::     confirm that directory is not writable by less-privileged processes.
:: NOTE(review): a failed ACL copy only raises a warning, so the .OLD key can keep whatever
::     permissions the copy produced instead of the original ones; look for "Failed to copy ACL"
::     in the output.
:: Audit trail: registration and deletion of the task "privacy.sexy invoke" and a powershell.exe
::     started by the Task Scheduler with -ExecutionPolicy Bypass are the observable traces.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{60f00258-24f8-5460-bb2d-853a614a50ec}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{60f00258-24f8-5460-bb2d-853a614a50ec} as TrustedInstaller
:: Same soft-delete step for the WOW6432Node copy of the interface key.
:: Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file and runs it through a
:: scheduled task named "privacy.sexy invoke" (powershell.exe -ExecutionPolicy Bypass) under the
:: account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to
:: (the TrustedInstaller service SID). It waits up to 5 minutes while LastTaskResult is 267009
:: (0x41301, task still running), then deletes the task and both temporary files.
:: The payload renames every value and, after recursing into subkeys, the key itself by appending
:: ".OLD"; keys are renamed by copy, ACL copy without the owner section, then removal of the original.
:: NOTE(review): the payload is executed from the path New-TemporaryFile returned; confirm that
::     directory cannot be written by less-privileged processes before the task starts.
:: NOTE(review): an ACL copy failure is only a warning, so verify the permissions on the .OLD key
::     when "Failed to copy ACL" appears in the output.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{60f00258-24f8-5460-bb2d-853a614a50ec}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{c729ad47-6f3a-46f4-af74-3b5c3311e6ed} as TrustedInstaller
:: Soft-delete step: nothing is erased, names get the ".OLD" suffix instead.
:: Invoke-AsTrustedInstaller saves the payload as a temporary .ps1 file, registers the scheduled
:: task "privacy.sexy invoke" and starts it with RunEx under the account that SID
:: S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to (the
:: TrustedInstaller service SID); the task runs powershell.exe with -ExecutionPolicy Bypass.
:: The caller polls LastTaskResult while it equals 267009 (0x41301, task still running) for at
:: most 5 minutes; the task and both temporary files are removed in the finally blocks.
:: Payload order: rename values, recurse into subkeys, then copy the key to KEY.OLD, copy its ACL
:: without the owner section and remove the original; counters ok/skip/fail feed the summary line.
:: NOTE(review): if the original key cannot be removed, the new copy is deleted again and the
::     error is rethrown, but values already renamed to .OLD are not renamed back.
:: NOTE(review): the payload file is run from the location New-TemporaryFile chose; confirm that
::     location is not writable by less-privileged processes.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{c729ad47-6f3a-46f4-af74-3b5c3311e6ed}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{c729ad47-6f3a-46f4-af74-3b5c3311e6ed} as TrustedInstaller
:: Soft-delete of the WOW6432Node copy of the key; names get the ".OLD" suffix, data is kept.
:: Invoke-AsTrustedInstaller stores the payload in a temporary .ps1 file and executes it through
:: the scheduled task "privacy.sexy invoke" (powershell.exe -ExecutionPolicy Bypass), started with
:: RunEx under the account that SID
:: S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to (the
:: TrustedInstaller service SID). Output of the task is collected in a second temporary file and
:: printed after the task result leaves 267009 (0x41301, task still running) or 5 minutes pass.
:: The payload exits with a thrown error only when every processed item failed; partial failures
:: show up as warnings and in the "Failed:" counter of the summary line.
:: NOTE(review): a timeout is reported with Write-Warning and then Write-Error, and the task is
::     deleted while it may still be running; re-check the key state after a timeout.
:: NOTE(review): confirm the New-TemporaryFile location is not writable by less-privileged
::     processes, because the file there is executed with the task principal's rights.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{c729ad47-6f3a-46f4-af74-3b5c3311e6ed}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{7fdde05c-d2db-495b-b06d-4a8d84f3ab99} as TrustedInstaller
:: Target: HKLM\SOFTWARE\Classes\Interface\{7fdde05c-d2db-495b-b06d-4a8d84f3ab99}
:: Outer PowerShell, Invoke-AsTrustedInstaller: writes the inner script to a temporary .ps1 file,
:: deletes any earlier task named "privacy.sexy invoke", registers a new one and starts it through the
:: Schedule.Service COM object under the account that the SID S-1-5-80-956008885-... translates to
:: (NT SERVICE\TrustedInstaller; the resolved name is printed as "Running as ...").
:: It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, task still running),
:: stops waiting after 5 minutes, then deletes the task, prints the captured output and removes both temp files.
:: Inner script: renames every value of the key, then recurses into subkeys, then renames the key itself
:: by appending ".OLD" (copy to the new path, copy the ACL without its owner section, remove the original).
:: The data is kept under the ".OLD" names rather than erased.
:: NOTE(review): a failed ACL copy is only a warning and the original key is still removed, so the
:: ".OLD" copy can end up with different permissions than the source key - check the warnings in the output.
:: NOTE(review): the .ps1 run by the task is a temp file of the calling user, and both PowerShell hosts run
:: with execution policy set to Unrestricted and Bypass; confirm that temp directory is writable only by the elevated user.
:: NOTE(review): on timeout the loop only breaks; the task is deleted but not explicitly stopped - verify
:: whether the child PowerShell can keep running after this step has reported failure.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{7fdde05c-d2db-495b-b06d-4a8d84f3ab99}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{7fdde05c-d2db-495b-b06d-4a8d84f3ab99} as TrustedInstaller
:: Target: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{7fdde05c-d2db-495b-b06d-4a8d84f3ab99}
:: Outer PowerShell, Invoke-AsTrustedInstaller: saves the inner script as a temporary .ps1 file, registers a
:: scheduled task named "privacy.sexy invoke" (removing any earlier task of that name first) and starts it via
:: the Schedule.Service COM object under the account resolved from the SID S-1-5-80-956008885-...
:: (NT SERVICE\TrustedInstaller; the resolved name is printed as "Running as ...").
:: LastTaskResult is polled every 200 ms while it equals 267009 (0x41301, task still running), with a
:: 5-minute limit; afterwards the task is deleted, the captured output is printed and both temp files are removed.
:: Inner script: for the key and each subkey, values are renamed with a ".OLD" suffix, then the key is
:: renamed the same way by copying it to the new path, copying the ACL minus the owner section and removing
:: the original. Items already ending in ".OLD" are skipped; the data stays in the registry under the new names.
:: NOTE(review): if the ACL copy fails the script only warns and still removes the original key, so the
:: ".OLD" copy may not carry the original permissions - review the warnings in the output.
:: NOTE(review): the script executed as TrustedInstaller is read from the calling user's temp directory and
:: execution policy is relaxed in both PowerShell hosts; confirm that directory is writable only by the elevated user.
:: NOTE(review): a timeout only breaks the wait loop; the task is deleted but not explicitly stopped - confirm
:: the child PowerShell cannot keep modifying the registry after this step has reported failure.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{7fdde05c-d2db-495b-b06d-4a8d84f3ab99}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{b2b6814f-02c2-5b0c-9e14-159eb77f4462} as TrustedInstaller
:: Target: HKLM\SOFTWARE\Classes\Interface\{b2b6814f-02c2-5b0c-9e14-159eb77f4462}
:: Outer PowerShell, Invoke-AsTrustedInstaller: writes the inner script to a temporary .ps1 file,
:: deletes any earlier task named "privacy.sexy invoke", registers a new one and starts it through the
:: Schedule.Service COM object under the account that the SID S-1-5-80-956008885-... translates to
:: (NT SERVICE\TrustedInstaller; the resolved name is printed as "Running as ...").
:: It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, task still running),
:: stops waiting after 5 minutes, then deletes the task, prints the captured output and removes both temp files.
:: Inner script: renames every value of the key, then recurses into subkeys, then renames the key itself
:: by appending ".OLD" (copy to the new path, copy the ACL without its owner section, remove the original).
:: The data is kept under the ".OLD" names rather than erased.
:: NOTE(review): a failed ACL copy is only a warning and the original key is still removed, so the
:: ".OLD" copy can end up with different permissions than the source key - check the warnings in the output.
:: NOTE(review): the .ps1 run by the task is a temp file of the calling user, and both PowerShell hosts run
:: with execution policy set to Unrestricted and Bypass; confirm that temp directory is writable only by the elevated user.
:: NOTE(review): on timeout the loop only breaks; the task is deleted but not explicitly stopped - verify
:: whether the child PowerShell can keep running after this step has reported failure.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{b2b6814f-02c2-5b0c-9e14-159eb77f4462}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{b2b6814f-02c2-5b0c-9e14-159eb77f4462} as TrustedInstaller
:: Target: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{b2b6814f-02c2-5b0c-9e14-159eb77f4462}
:: Outer PowerShell, Invoke-AsTrustedInstaller: saves the inner script as a temporary .ps1 file, registers a
:: scheduled task named "privacy.sexy invoke" (removing any earlier task of that name first) and starts it via
:: the Schedule.Service COM object under the account resolved from the SID S-1-5-80-956008885-...
:: (NT SERVICE\TrustedInstaller; the resolved name is printed as "Running as ...").
:: LastTaskResult is polled every 200 ms while it equals 267009 (0x41301, task still running), with a
:: 5-minute limit; afterwards the task is deleted, the captured output is printed and both temp files are removed.
:: Inner script: for the key and each subkey, values are renamed with a ".OLD" suffix, then the key is
:: renamed the same way by copying it to the new path, copying the ACL minus the owner section and removing
:: the original. Items already ending in ".OLD" are skipped; the data stays in the registry under the new names.
:: NOTE(review): if the ACL copy fails the script only warns and still removes the original key, so the
:: ".OLD" copy may not carry the original permissions - review the warnings in the output.
:: NOTE(review): the script executed as TrustedInstaller is read from the calling user's temp directory and
:: execution policy is relaxed in both PowerShell hosts; confirm that directory is writable only by the elevated user.
:: NOTE(review): a timeout only breaks the wait loop; the task is deleted but not explicitly stopped - confirm
:: the child PowerShell cannot keep modifying the registry after this step has reported failure.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{b2b6814f-02c2-5b0c-9e14-159eb77f4462}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{aad9a740-4131-5fe0-9888-c925750b8a99} as TrustedInstaller
:: Target: HKLM\SOFTWARE\Classes\Interface\{aad9a740-4131-5fe0-9888-c925750b8a99}
:: Outer PowerShell, Invoke-AsTrustedInstaller: writes the inner script to a temporary .ps1 file,
:: deletes any earlier task named "privacy.sexy invoke", registers a new one and starts it through the
:: Schedule.Service COM object under the account that the SID S-1-5-80-956008885-... translates to
:: (NT SERVICE\TrustedInstaller; the resolved name is printed as "Running as ...").
:: It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, task still running),
:: stops waiting after 5 minutes, then deletes the task, prints the captured output and removes both temp files.
:: Inner script: renames every value of the key, then recurses into subkeys, then renames the key itself
:: by appending ".OLD" (copy to the new path, copy the ACL without its owner section, remove the original).
:: The data is kept under the ".OLD" names rather than erased.
:: NOTE(review): a failed ACL copy is only a warning and the original key is still removed, so the
:: ".OLD" copy can end up with different permissions than the source key - check the warnings in the output.
:: NOTE(review): the .ps1 run by the task is a temp file of the calling user, and both PowerShell hosts run
:: with execution policy set to Unrestricted and Bypass; confirm that temp directory is writable only by the elevated user.
:: NOTE(review): on timeout the loop only breaks; the task is deleted but not explicitly stopped - verify
:: whether the child PowerShell can keep running after this step has reported failure.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{aad9a740-4131-5fe0-9888-c925750b8a99}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{aad9a740-4131-5fe0-9888-c925750b8a99} as TrustedInstaller
:: What the command below does:
::   - Invoke-AsTrustedInstaller saves the script text in $cmd to a temporary .ps1
::     file, registers a scheduled task named "privacy.sexy invoke" and starts it
::     with RunEx under the account behind the SID hard-coded below (the
::     TrustedInstaller service). The task and both temporary files are removed
::     in the finally blocks.
::   - It polls LastTaskResult every 200 ms while the value is 267009 (0x41301,
::     SCHED_S_TASK_RUNNING) and stops waiting after 5 minutes. On a timeout the
::     value is presumably still 267009, so the wrapper also prints "Failed, due
::     to exit code", and the task is deleted even though it may still be running.
::   - The script in $cmd renames each value of the key, then recurses into the
::     subkeys, then renames the key itself, appending ".OLD" every time (the
::     suffix is repeated if that key name is taken). A key is renamed by copying
::     it, copying its ACL without the owner section, and removing the original,
::     so the data is kept under the ".OLD" names instead of being erased.
:: NOTE(review): the .ps1 comes from New-TemporaryFile, which creates it in the
::   temp directory of the user running this batch file, and it is then run as
::   TrustedInstaller with -ExecutionPolicy Bypass. A process that can write to
::   that directory between Out-File and the task start could alter what runs at
::   that privilege; a directory writable only by administrators would avoid it.
:: NOTE(review): a failed ACL copy only produces a warning, so the ".OLD" key may
::   carry different permissions than the original. Review the printed output.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{aad9a740-4131-5fe0-9888-c925750b8a99}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{1d5bc3a2-a3ff-4517-bb16-25bf18ef7378} as TrustedInstaller
:: What the command below does:
::   - Invoke-AsTrustedInstaller saves the script text in $cmd to a temporary .ps1
::     file, registers a scheduled task named "privacy.sexy invoke" and starts it
::     with RunEx under the account behind the SID hard-coded below (the
::     TrustedInstaller service). The task and both temporary files are removed
::     in the finally blocks.
::   - It polls LastTaskResult every 200 ms while the value is 267009 (0x41301,
::     SCHED_S_TASK_RUNNING) and stops waiting after 5 minutes. On a timeout the
::     value is presumably still 267009, so the wrapper also prints "Failed, due
::     to exit code", and the task is deleted even though it may still be running.
::   - The script in $cmd renames each value of the key, then recurses into the
::     subkeys, then renames the key itself, appending ".OLD" every time (the
::     suffix is repeated if that key name is taken). A key is renamed by copying
::     it, copying its ACL without the owner section, and removing the original,
::     so the data is kept under the ".OLD" names instead of being erased.
:: NOTE(review): the .ps1 comes from New-TemporaryFile, which creates it in the
::   temp directory of the user running this batch file, and it is then run as
::   TrustedInstaller with -ExecutionPolicy Bypass. A process that can write to
::   that directory between Out-File and the task start could alter what runs at
::   that privilege; a directory writable only by administrators would avoid it.
:: NOTE(review): a failed ACL copy only produces a warning, so the ".OLD" key may
::   carry different permissions than the original. Review the printed output.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{1d5bc3a2-a3ff-4517-bb16-25bf18ef7378}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{1d5bc3a2-a3ff-4517-bb16-25bf18ef7378} as TrustedInstaller
:: What the command below does:
::   - Invoke-AsTrustedInstaller saves the script text in $cmd to a temporary .ps1
::     file, registers a scheduled task named "privacy.sexy invoke" and starts it
::     with RunEx under the account behind the SID hard-coded below (the
::     TrustedInstaller service). The task and both temporary files are removed
::     in the finally blocks.
::   - It polls LastTaskResult every 200 ms while the value is 267009 (0x41301,
::     SCHED_S_TASK_RUNNING) and stops waiting after 5 minutes. On a timeout the
::     value is presumably still 267009, so the wrapper also prints "Failed, due
::     to exit code", and the task is deleted even though it may still be running.
::   - The script in $cmd renames each value of the key, then recurses into the
::     subkeys, then renames the key itself, appending ".OLD" every time (the
::     suffix is repeated if that key name is taken). A key is renamed by copying
::     it, copying its ACL without the owner section, and removing the original,
::     so the data is kept under the ".OLD" names instead of being erased.
:: NOTE(review): the .ps1 comes from New-TemporaryFile, which creates it in the
::   temp directory of the user running this batch file, and it is then run as
::   TrustedInstaller with -ExecutionPolicy Bypass. A process that can write to
::   that directory between Out-File and the task start could alter what runs at
::   that privilege; a directory writable only by administrators would avoid it.
:: NOTE(review): a failed ACL copy only produces a warning, so the ".OLD" key may
::   carry different permissions than the original. Review the printed output.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{1d5bc3a2-a3ff-4517-bb16-25bf18ef7378}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{f84b2c99-2f3d-5877-bf78-4f40f6bd25c0} as TrustedInstaller
:: What the command below does:
::   - Invoke-AsTrustedInstaller saves the script text in $cmd to a temporary .ps1
::     file, registers a scheduled task named "privacy.sexy invoke" and starts it
::     with RunEx under the account behind the SID hard-coded below (the
::     TrustedInstaller service). The task and both temporary files are removed
::     in the finally blocks.
::   - It polls LastTaskResult every 200 ms while the value is 267009 (0x41301,
::     SCHED_S_TASK_RUNNING) and stops waiting after 5 minutes. On a timeout the
::     value is presumably still 267009, so the wrapper also prints "Failed, due
::     to exit code", and the task is deleted even though it may still be running.
::   - The script in $cmd renames each value of the key, then recurses into the
::     subkeys, then renames the key itself, appending ".OLD" every time (the
::     suffix is repeated if that key name is taken). A key is renamed by copying
::     it, copying its ACL without the owner section, and removing the original,
::     so the data is kept under the ".OLD" names instead of being erased.
:: NOTE(review): the .ps1 comes from New-TemporaryFile, which creates it in the
::   temp directory of the user running this batch file, and it is then run as
::   TrustedInstaller with -ExecutionPolicy Bypass. A process that can write to
::   that directory between Out-File and the task start could alter what runs at
::   that privilege; a directory writable only by administrators would avoid it.
:: NOTE(review): a failed ACL copy only produces a warning, so the ".OLD" key may
::   carry different permissions than the original. Review the printed output.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{f84b2c99-2f3d-5877-bf78-4f40f6bd25c0}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{f84b2c99-2f3d-5877-bf78-4f40f6bd25c0} as TrustedInstaller
:: Inline PowerShell, two layers. Outer layer, Invoke-AsTrustedInstaller: writes the text of $cmd to a
:: temporary .ps1, registers a scheduled task named "privacy.sexy invoke", starts it with RunEx under
:: the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to
:: (the TrustedInstaller service SID), polls LastTaskResult every 200 ms while it equals 267009
:: (0x41301, task still running) for at most 5 minutes, prints the captured output, then deletes the
:: task and both temporary files.
:: Inner layer, $cmd: appends ".OLD" to every value name of the key, recurses into its subkeys, then
:: renames the key itself (copy, ACL copy without the owner section, removal of the original), so the
:: data stays in the registry under the .OLD name. Names that already end in .OLD are skipped.
:: NOTE(review): the .ps1 is created by New-TemporaryFile and executed with -ExecutionPolicy Bypass as
:: TrustedInstaller - confirm the temp directory is writable only by administrators.
:: NOTE(review): a failed ACL copy only logs a warning, so the .OLD key may not carry the original
:: permissions - verify the ACL afterwards.
:: NOTE(review): on timeout the loop only warns and the finally blocks still delete the task and temp
:: files - presumably while the task may still be running; confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{f84b2c99-2f3d-5877-bf78-4f40f6bd25c0}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{d164f201-3f19-588a-a21e-06c60651d335} as TrustedInstaller
:: Inline PowerShell, two layers. Outer layer, Invoke-AsTrustedInstaller: writes the text of $cmd to a
:: temporary .ps1, registers a scheduled task named "privacy.sexy invoke", starts it with RunEx under
:: the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to
:: (the TrustedInstaller service SID), polls LastTaskResult every 200 ms while it equals 267009
:: (0x41301, task still running) for at most 5 minutes, prints the captured output, then deletes the
:: task and both temporary files.
:: Inner layer, $cmd: appends ".OLD" to every value name of the key, recurses into its subkeys, then
:: renames the key itself (copy, ACL copy without the owner section, removal of the original), so the
:: data stays in the registry under the .OLD name. Names that already end in .OLD are skipped.
:: NOTE(review): the .ps1 is created by New-TemporaryFile and executed with -ExecutionPolicy Bypass as
:: TrustedInstaller - confirm the temp directory is writable only by administrators.
:: NOTE(review): a failed ACL copy only logs a warning, so the .OLD key may not carry the original
:: permissions - verify the ACL afterwards.
:: NOTE(review): on timeout the loop only warns and the finally blocks still delete the task and temp
:: files - presumably while the task may still be running; confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{d164f201-3f19-588a-a21e-06c60651d335}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{d164f201-3f19-588a-a21e-06c60651d335} as TrustedInstaller
:: Inline PowerShell, two layers. Outer layer, Invoke-AsTrustedInstaller: writes the text of $cmd to a
:: temporary .ps1, registers a scheduled task named "privacy.sexy invoke", starts it with RunEx under
:: the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to
:: (the TrustedInstaller service SID), polls LastTaskResult every 200 ms while it equals 267009
:: (0x41301, task still running) for at most 5 minutes, prints the captured output, then deletes the
:: task and both temporary files.
:: Inner layer, $cmd: appends ".OLD" to every value name of the key, recurses into its subkeys, then
:: renames the key itself (copy, ACL copy without the owner section, removal of the original), so the
:: data stays in the registry under the .OLD name. Names that already end in .OLD are skipped.
:: NOTE(review): the .ps1 is created by New-TemporaryFile and executed with -ExecutionPolicy Bypass as
:: TrustedInstaller - confirm the temp directory is writable only by administrators.
:: NOTE(review): a failed ACL copy only logs a warning, so the .OLD key may not carry the original
:: permissions - verify the ACL afterwards.
:: NOTE(review): on timeout the loop only warns and the finally blocks still delete the task and temp
:: files - presumably while the task may still be running; confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{d164f201-3f19-588a-a21e-06c60651d335}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{a774d785-2808-4471-a254-ab93932b61ea} as TrustedInstaller
:: Inline PowerShell, two layers. Outer layer, Invoke-AsTrustedInstaller: writes the text of $cmd to a
:: temporary .ps1, registers a scheduled task named "privacy.sexy invoke", starts it with RunEx under
:: the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to
:: (the TrustedInstaller service SID), polls LastTaskResult every 200 ms while it equals 267009
:: (0x41301, task still running) for at most 5 minutes, prints the captured output, then deletes the
:: task and both temporary files.
:: Inner layer, $cmd: appends ".OLD" to every value name of the key, recurses into its subkeys, then
:: renames the key itself (copy, ACL copy without the owner section, removal of the original), so the
:: data stays in the registry under the .OLD name. Names that already end in .OLD are skipped.
:: NOTE(review): the .ps1 is created by New-TemporaryFile and executed with -ExecutionPolicy Bypass as
:: TrustedInstaller - confirm the temp directory is writable only by administrators.
:: NOTE(review): a failed ACL copy only logs a warning, so the .OLD key may not carry the original
:: permissions - verify the ACL afterwards.
:: NOTE(review): on timeout the loop only warns and the finally blocks still delete the task and temp
:: files - presumably while the task may still be running; confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{a774d785-2808-4471-a254-ab93932b61ea}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{a774d785-2808-4471-a254-ab93932b61ea} as TrustedInstaller
:: Inline PowerShell, two layers. Outer layer, Invoke-AsTrustedInstaller: writes the text of $cmd to a
:: temporary .ps1, registers a scheduled task named "privacy.sexy invoke", starts it with RunEx under
:: the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to
:: (the TrustedInstaller service SID), polls LastTaskResult every 200 ms while it equals 267009
:: (0x41301, task still running) for at most 5 minutes, prints the captured output, then deletes the
:: task and both temporary files.
:: Inner layer, $cmd: appends ".OLD" to every value name of the key, recurses into its subkeys, then
:: renames the key itself (copy, ACL copy without the owner section, removal of the original), so the
:: data stays in the registry under the .OLD name. Names that already end in .OLD are skipped.
:: NOTE(review): the .ps1 is created by New-TemporaryFile and executed with -ExecutionPolicy Bypass as
:: TrustedInstaller - confirm the temp directory is writable only by administrators.
:: NOTE(review): a failed ACL copy only logs a warning, so the .OLD key may not carry the original
:: permissions - verify the ACL afterwards.
:: NOTE(review): on timeout the loop only warns and the finally blocks still delete the task and temp
:: files - presumably while the task may still be running; confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{a774d785-2808-4471-a254-ab93932b61ea}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{29A3AB33-0FD7-44F5-9BFF-C0B6C081FBFB} as TrustedInstaller
:: What this command does, in order:
::   1. Invoke-AsTrustedInstaller writes the script held in $cmd to a temporary .ps1 file, registers
::      a scheduled task named "privacy.sexy invoke" and starts it through the Schedule.Service COM
::      object (RunEx), passing the account name that the hard-coded service SID translates to.
::   2. The task runs powershell.exe with -ExecutionPolicy Bypass; all of its output streams are
::      redirected to a second temporary file, which is printed after the task is deleted.
::   3. LastTaskResult is polled every 200 ms while it equals 267009 (0x41301, task still running),
::      for at most 5 minutes; any non-zero final result is reported with Write-Error.
::   4. The task and both temporary files are removed in `finally` blocks.
:: The elevated script renames rather than erases: Rename-KeyTree appends ".OLD" to every value
:: name and, after recursing into the subkeys, to the key itself (copy to the new name, copy the
:: ACL, remove the original; if the removal fails the new copy is removed again).
:: NOTE(review): Copy-Acl leaves out the Owner section and a failed ACL copy is only a warning, so
::   the ".OLD" key may carry different permissions than the original - verify after running.
:: NOTE(review): the .ps1 stays in the caller's temp directory between being written and being run
::   as TrustedInstaller; presumably acceptable because the caller is already elevated, but confirm
::   that nothing less privileged can write to that location.
:: NOTE(review): on timeout the loop only stops waiting; whether the running instance is ended when
::   the task is deleted is not visible here.
:: Artifacts a defender would see: a short-lived scheduled task with the name above and registry
:: keys/values ending in ".OLD".
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{29A3AB33-0FD7-44F5-9BFF-C0B6C081FBFB}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{29A3AB33-0FD7-44F5-9BFF-C0B6C081FBFB} as TrustedInstaller
:: What this command does, in order:
::   1. Invoke-AsTrustedInstaller writes the script held in $cmd to a temporary .ps1 file, registers
::      a scheduled task named "privacy.sexy invoke" and starts it through the Schedule.Service COM
::      object (RunEx), passing the account name that the hard-coded service SID translates to.
::   2. The task runs powershell.exe with -ExecutionPolicy Bypass; all of its output streams are
::      redirected to a second temporary file, which is printed after the task is deleted.
::   3. LastTaskResult is polled every 200 ms while it equals 267009 (0x41301, task still running),
::      for at most 5 minutes; any non-zero final result is reported with Write-Error.
::   4. The task and both temporary files are removed in `finally` blocks.
:: The elevated script renames rather than erases: Rename-KeyTree appends ".OLD" to every value
:: name and, after recursing into the subkeys, to the key itself (copy to the new name, copy the
:: ACL, remove the original; if the removal fails the new copy is removed again).
:: NOTE(review): Copy-Acl leaves out the Owner section and a failed ACL copy is only a warning, so
::   the ".OLD" key may carry different permissions than the original - verify after running.
:: NOTE(review): the .ps1 stays in the caller's temp directory between being written and being run
::   as TrustedInstaller; presumably acceptable because the caller is already elevated, but confirm
::   that nothing less privileged can write to that location.
:: NOTE(review): on timeout the loop only stops waiting; whether the running instance is ended when
::   the task is deleted is not visible here.
:: Artifacts a defender would see: a short-lived scheduled task with the name above and registry
:: keys/values ending in ".OLD".
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{29A3AB33-0FD7-44F5-9BFF-C0B6C081FBFB}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{3474d734-3408-4471-a344-a3439343634a} as TrustedInstaller
:: What this command does, in order:
::   1. Invoke-AsTrustedInstaller writes the script held in $cmd to a temporary .ps1 file, registers
::      a scheduled task named "privacy.sexy invoke" and starts it through the Schedule.Service COM
::      object (RunEx), passing the account name that the hard-coded service SID translates to.
::   2. The task runs powershell.exe with -ExecutionPolicy Bypass; all of its output streams are
::      redirected to a second temporary file, which is printed after the task is deleted.
::   3. LastTaskResult is polled every 200 ms while it equals 267009 (0x41301, task still running),
::      for at most 5 minutes; any non-zero final result is reported with Write-Error.
::   4. The task and both temporary files are removed in `finally` blocks.
:: The elevated script renames rather than erases: Rename-KeyTree appends ".OLD" to every value
:: name and, after recursing into the subkeys, to the key itself (copy to the new name, copy the
:: ACL, remove the original; if the removal fails the new copy is removed again).
:: NOTE(review): Copy-Acl leaves out the Owner section and a failed ACL copy is only a warning, so
::   the ".OLD" key may carry different permissions than the original - verify after running.
:: NOTE(review): the .ps1 stays in the caller's temp directory between being written and being run
::   as TrustedInstaller; presumably acceptable because the caller is already elevated, but confirm
::   that nothing less privileged can write to that location.
:: NOTE(review): on timeout the loop only stops waiting; whether the running instance is ended when
::   the task is deleted is not visible here.
:: Artifacts a defender would see: a short-lived scheduled task with the name above and registry
:: keys/values ending in ".OLD".
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{3474d734-3408-4471-a344-a3439343634a}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{3474d734-3408-4471-a344-a3439343634a} as TrustedInstaller
:: What this command does, in order:
::   1. Invoke-AsTrustedInstaller writes the script held in $cmd to a temporary .ps1 file, registers
::      a scheduled task named "privacy.sexy invoke" and starts it through the Schedule.Service COM
::      object (RunEx), passing the account name that the hard-coded service SID translates to.
::   2. The task runs powershell.exe with -ExecutionPolicy Bypass; all of its output streams are
::      redirected to a second temporary file, which is printed after the task is deleted.
::   3. LastTaskResult is polled every 200 ms while it equals 267009 (0x41301, task still running),
::      for at most 5 minutes; any non-zero final result is reported with Write-Error.
::   4. The task and both temporary files are removed in `finally` blocks.
:: The elevated script renames rather than erases: Rename-KeyTree appends ".OLD" to every value
:: name and, after recursing into the subkeys, to the key itself (copy to the new name, copy the
:: ACL, remove the original; if the removal fails the new copy is removed again).
:: NOTE(review): Copy-Acl leaves out the Owner section and a failed ACL copy is only a warning, so
::   the ".OLD" key may carry different permissions than the original - verify after running.
:: NOTE(review): the .ps1 stays in the caller's temp directory between being written and being run
::   as TrustedInstaller; presumably acceptable because the caller is already elevated, but confirm
::   that nothing less privileged can write to that location.
:: NOTE(review): on timeout the loop only stops waiting; whether the running instance is ended when
::   the task is deleted is not visible here.
:: Artifacts a defender would see: a short-lived scheduled task with the name above and registry
:: keys/values ending in ".OLD".
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{3474d734-3408-4471-a344-a3439343634a}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{48748dc6-576c-47c0-8169-b99cc31a68fe} as TrustedInstaller
:: Soft-deletes the registry key held in $rawPath below
:: (HKLM\SOFTWARE\Classes\Interface\{48748dc6-576c-47c0-8169-b99cc31a68fe}): nothing is erased,
:: values and keys are renamed with a .OLD suffix, so the data stays in the registry.
:: How it runs:
::   1. Invoke-AsTrustedInstaller writes the embedded script ($cmd) to a temporary .ps1 file.
::   2. It registers a scheduled task named 'privacy.sexy invoke' (first deleting any task that
::      already has that name) and starts it with RunEx under the account that the
::      TrustedInstaller service SID (S-1-5-80-956008885-...) translates to.
::   3. It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, the Task
::      Scheduler 'task is currently running' status) and gives up with a warning after 5 minutes.
::   4. The task output, redirected to a second temporary file, is printed; the task and both
::      temporary files are removed in finally blocks.
::   Both PowerShell launches override the execution policy: Unrestricted here, Bypass in the task.
:: What the embedded script does:
::   - Rename-KeyTree renames each value to NAME.OLD, recurses into subkeys, then renames the key:
::     copy to PATH.OLD, copy the security descriptor except the owner, delete the original.
::   - Names already ending in .OLD are skipped; the script throws only if every item failed.
:: NOTE(review): the .ps1 executed as TrustedInstaller is staged by New-TemporaryFile and is not
::   verified before the task starts. Confirm that directory is writable only by administrators,
::   or stage the file somewhere with a restrictive ACL.
:: NOTE(review): a failed ACL copy is only a warning and the original key is still deleted, so
::   the .OLD copy may carry different permissions. Check its ACL whenever that warning appears.
:: NOTE(review): on timeout the task and temporary files are removed while the task may still be
::   running; treat a 'Skipping: Timeout' warning as an unknown end state for this key.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{48748dc6-576c-47c0-8169-b99cc31a68fe}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{48748dc6-576c-47c0-8169-b99cc31a68fe} as TrustedInstaller
:: Soft-deletes the registry key held in $rawPath below
:: (HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{48748dc6-576c-47c0-8169-b99cc31a68fe}): nothing
:: is erased, values and keys are renamed with a .OLD suffix, so the data stays in the registry.
:: How it runs:
::   1. Invoke-AsTrustedInstaller writes the embedded script ($cmd) to a temporary .ps1 file.
::   2. It registers a scheduled task named 'privacy.sexy invoke' (first deleting any task that
::      already has that name) and starts it with RunEx under the account that the
::      TrustedInstaller service SID (S-1-5-80-956008885-...) translates to.
::   3. It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, the Task
::      Scheduler 'task is currently running' status) and gives up with a warning after 5 minutes.
::   4. The task output, redirected to a second temporary file, is printed; the task and both
::      temporary files are removed in finally blocks.
::   Both PowerShell launches override the execution policy: Unrestricted here, Bypass in the task.
:: What the embedded script does:
::   - Rename-KeyTree renames each value to NAME.OLD, recurses into subkeys, then renames the key:
::     copy to PATH.OLD, copy the security descriptor except the owner, delete the original.
::   - Names already ending in .OLD are skipped; the script throws only if every item failed.
:: NOTE(review): the .ps1 executed as TrustedInstaller is staged by New-TemporaryFile and is not
::   verified before the task starts. Confirm that directory is writable only by administrators,
::   or stage the file somewhere with a restrictive ACL.
:: NOTE(review): a failed ACL copy is only a warning and the original key is still deleted, so
::   the .OLD copy may carry different permissions. Check its ACL whenever that warning appears.
:: NOTE(review): on timeout the task and temporary files are removed while the task may still be
::   running; treat a 'Skipping: Timeout' warning as an unknown end state for this key.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{48748dc6-576c-47c0-8169-b99cc31a68fe}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{0b3418c4-edbd-5275-a27d-c814665bd20b} as TrustedInstaller
:: Soft-deletes the registry key held in $rawPath below
:: (HKLM\SOFTWARE\Classes\Interface\{0b3418c4-edbd-5275-a27d-c814665bd20b}): nothing is erased,
:: values and keys are renamed with a .OLD suffix, so the data stays in the registry.
:: How it runs:
::   1. Invoke-AsTrustedInstaller writes the embedded script ($cmd) to a temporary .ps1 file.
::   2. It registers a scheduled task named 'privacy.sexy invoke' (first deleting any task that
::      already has that name) and starts it with RunEx under the account that the
::      TrustedInstaller service SID (S-1-5-80-956008885-...) translates to.
::   3. It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, the Task
::      Scheduler 'task is currently running' status) and gives up with a warning after 5 minutes.
::   4. The task output, redirected to a second temporary file, is printed; the task and both
::      temporary files are removed in finally blocks.
::   Both PowerShell launches override the execution policy: Unrestricted here, Bypass in the task.
:: What the embedded script does:
::   - Rename-KeyTree renames each value to NAME.OLD, recurses into subkeys, then renames the key:
::     copy to PATH.OLD, copy the security descriptor except the owner, delete the original.
::   - Names already ending in .OLD are skipped; the script throws only if every item failed.
:: NOTE(review): the .ps1 executed as TrustedInstaller is staged by New-TemporaryFile and is not
::   verified before the task starts. Confirm that directory is writable only by administrators,
::   or stage the file somewhere with a restrictive ACL.
:: NOTE(review): a failed ACL copy is only a warning and the original key is still deleted, so
::   the .OLD copy may carry different permissions. Check its ACL whenever that warning appears.
:: NOTE(review): on timeout the task and temporary files are removed while the task may still be
::   running; treat a 'Skipping: Timeout' warning as an unknown end state for this key.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{0b3418c4-edbd-5275-a27d-c814665bd20b}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{0b3418c4-edbd-5275-a27d-c814665bd20b} as TrustedInstaller
:: Soft-deletes the registry key held in $rawPath below
:: (HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{0b3418c4-edbd-5275-a27d-c814665bd20b}): nothing
:: is erased, values and keys are renamed with a .OLD suffix, so the data stays in the registry.
:: How it runs:
::   1. Invoke-AsTrustedInstaller writes the embedded script ($cmd) to a temporary .ps1 file.
::   2. It registers a scheduled task named 'privacy.sexy invoke' (first deleting any task that
::      already has that name) and starts it with RunEx under the account that the
::      TrustedInstaller service SID (S-1-5-80-956008885-...) translates to.
::   3. It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, the Task
::      Scheduler 'task is currently running' status) and gives up with a warning after 5 minutes.
::   4. The task output, redirected to a second temporary file, is printed; the task and both
::      temporary files are removed in finally blocks.
::   Both PowerShell launches override the execution policy: Unrestricted here, Bypass in the task.
:: What the embedded script does:
::   - Rename-KeyTree renames each value to NAME.OLD, recurses into subkeys, then renames the key:
::     copy to PATH.OLD, copy the security descriptor except the owner, delete the original.
::   - Names already ending in .OLD are skipped; the script throws only if every item failed.
:: NOTE(review): the .ps1 executed as TrustedInstaller is staged by New-TemporaryFile and is not
::   verified before the task starts. Confirm that directory is writable only by administrators,
::   or stage the file somewhere with a restrictive ACL.
:: NOTE(review): a failed ACL copy is only a warning and the original key is still deleted, so
::   the .OLD copy may carry different permissions. Check its ACL whenever that warning appears.
:: NOTE(review): on timeout the task and temporary files are removed while the task may still be
::   running; treat a 'Skipping: Timeout' warning as an unknown end state for this key.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{0b3418c4-edbd-5275-a27d-c814665bd20b}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{e406ebb7-b140-562f-bcbc-40f0ef479d38} as TrustedInstaller
:: Soft-deletes the registry key held in $rawPath below
:: (HKLM\SOFTWARE\Classes\Interface\{e406ebb7-b140-562f-bcbc-40f0ef479d38}): nothing is erased,
:: values and keys are renamed with a .OLD suffix, so the data stays in the registry.
:: How it runs:
::   1. Invoke-AsTrustedInstaller writes the embedded script ($cmd) to a temporary .ps1 file.
::   2. It registers a scheduled task named 'privacy.sexy invoke' (first deleting any task that
::      already has that name) and starts it with RunEx under the account that the
::      TrustedInstaller service SID (S-1-5-80-956008885-...) translates to.
::   3. It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, the Task
::      Scheduler 'task is currently running' status) and gives up with a warning after 5 minutes.
::   4. The task output, redirected to a second temporary file, is printed; the task and both
::      temporary files are removed in finally blocks.
::   Both PowerShell launches override the execution policy: Unrestricted here, Bypass in the task.
:: What the embedded script does:
::   - Rename-KeyTree renames each value to NAME.OLD, recurses into subkeys, then renames the key:
::     copy to PATH.OLD, copy the security descriptor except the owner, delete the original.
::   - Names already ending in .OLD are skipped; the script throws only if every item failed.
:: NOTE(review): the .ps1 executed as TrustedInstaller is staged by New-TemporaryFile and is not
::   verified before the task starts. Confirm that directory is writable only by administrators,
::   or stage the file somewhere with a restrictive ACL.
:: NOTE(review): a failed ACL copy is only a warning and the original key is still deleted, so
::   the .OLD copy may carry different permissions. Check its ACL whenever that warning appears.
:: NOTE(review): on timeout the task and temporary files are removed while the task may still be
::   running; treat a 'Skipping: Timeout' warning as an unknown end state for this key.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{e406ebb7-b140-562f-bcbc-40f0ef479d38}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{e406ebb7-b140-562f-bcbc-40f0ef479d38} as TrustedInstaller
:: Soft-deletes one registry key tree: instead of deleting it, every value and
:: key under HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{e406ebb7-b140-562f-bcbc-40f0ef479d38}
:: is renamed with a .OLD suffix.
::
:: Outer script, run by this elevated console:
::   Invoke-AsTrustedInstaller writes the $cmd text to a temporary .ps1 file,
::   registers a scheduled task named "privacy.sexy invoke", starts it through
::   the Schedule.Service COM object as the account the S-1-5-80-... SID
::   translates to (NT SERVICE\TrustedInstaller), polls LastTaskResult every
::   200 ms while it is 267009 (0x41301, task still running) for at most five
::   minutes, prints the captured output, then deletes the task and both
::   temporary files in its finally blocks.
:: Inner script ($cmd), run inside the task:
::   Rename-KeyTree renames each value to NAME.OLD unless it already ends in
::   .OLD, recurses into subkeys, then calls Rename-KeyWithAcl to copy the key
::   to KEY.OLD (appending further .OLD while the target exists), copy every
::   security descriptor section except the owner, and remove the original.
::   The final summary throws only when every counted item failed.
::
:: NOTE(review): the payload is staged with New-TemporaryFile (presumably the
:: invoking user's temp directory; confirm) and then run by the task with
:: -ExecutionPolicy Bypass under the higher-privileged identity. Nothing here
:: verifies the file between Out-File and task start, so write access to that
:: directory is part of the trust boundary of this step.
:: NOTE(review): on timeout the loop breaks with LastTaskResult still 267009,
:: so the following check reports it as a failure exit code, and the finally
:: blocks delete the task and temp files whether or not the task has ended.
:: NOTE(review): a failed ACL copy is only a warning, so KEY.OLD can be left
:: with whatever ACL the copy received rather than the original's; and
:: -ErrorAction Stop on Rename-KeyWithAcl looks like a no-op because the
:: function is declared without CmdletBinding. Confirm both are intended.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{e406ebb7-b140-562f-bcbc-40f0ef479d38}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{67e7f99b-1b65-4343-825d-eb17c9681805} as TrustedInstaller
:: Soft-deletes one registry key tree: instead of deleting it, every value and
:: key under HKLM\SOFTWARE\Classes\Interface\{67e7f99b-1b65-4343-825d-eb17c9681805}
:: is renamed with a .OLD suffix.
::
:: Outer script, run by this elevated console:
::   Invoke-AsTrustedInstaller writes the $cmd text to a temporary .ps1 file,
::   registers a scheduled task named "privacy.sexy invoke", starts it through
::   the Schedule.Service COM object as the account the S-1-5-80-... SID
::   translates to (NT SERVICE\TrustedInstaller), polls LastTaskResult every
::   200 ms while it is 267009 (0x41301, task still running) for at most five
::   minutes, prints the captured output, then deletes the task and both
::   temporary files in its finally blocks.
:: Inner script ($cmd), run inside the task:
::   Rename-KeyTree renames each value to NAME.OLD unless it already ends in
::   .OLD, recurses into subkeys, then calls Rename-KeyWithAcl to copy the key
::   to KEY.OLD (appending further .OLD while the target exists), copy every
::   security descriptor section except the owner, and remove the original.
::   The final summary throws only when every counted item failed.
::
:: NOTE(review): the payload is staged with New-TemporaryFile (presumably the
:: invoking user's temp directory; confirm) and then run by the task with
:: -ExecutionPolicy Bypass under the higher-privileged identity. Nothing here
:: verifies the file between Out-File and task start, so write access to that
:: directory is part of the trust boundary of this step.
:: NOTE(review): on timeout the loop breaks with LastTaskResult still 267009,
:: so the following check reports it as a failure exit code, and the finally
:: blocks delete the task and temp files whether or not the task has ended.
:: NOTE(review): a failed ACL copy is only a warning, so KEY.OLD can be left
:: with whatever ACL the copy received rather than the original's; and
:: -ErrorAction Stop on Rename-KeyWithAcl looks like a no-op because the
:: function is declared without CmdletBinding. Confirm both are intended.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{67e7f99b-1b65-4343-825d-eb17c9681805}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{67e7f99b-1b65-4343-825d-eb17c9681805} as TrustedInstaller
:: Soft-deletes one registry key tree: instead of deleting it, every value and
:: key under HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{67e7f99b-1b65-4343-825d-eb17c9681805}
:: is renamed with a .OLD suffix.
::
:: Outer script, run by this elevated console:
::   Invoke-AsTrustedInstaller writes the $cmd text to a temporary .ps1 file,
::   registers a scheduled task named "privacy.sexy invoke", starts it through
::   the Schedule.Service COM object as the account the S-1-5-80-... SID
::   translates to (NT SERVICE\TrustedInstaller), polls LastTaskResult every
::   200 ms while it is 267009 (0x41301, task still running) for at most five
::   minutes, prints the captured output, then deletes the task and both
::   temporary files in its finally blocks.
:: Inner script ($cmd), run inside the task:
::   Rename-KeyTree renames each value to NAME.OLD unless it already ends in
::   .OLD, recurses into subkeys, then calls Rename-KeyWithAcl to copy the key
::   to KEY.OLD (appending further .OLD while the target exists), copy every
::   security descriptor section except the owner, and remove the original.
::   The final summary throws only when every counted item failed.
::
:: NOTE(review): the payload is staged with New-TemporaryFile (presumably the
:: invoking user's temp directory; confirm) and then run by the task with
:: -ExecutionPolicy Bypass under the higher-privileged identity. Nothing here
:: verifies the file between Out-File and task start, so write access to that
:: directory is part of the trust boundary of this step.
:: NOTE(review): on timeout the loop breaks with LastTaskResult still 267009,
:: so the following check reports it as a failure exit code, and the finally
:: blocks delete the task and temp files whether or not the task has ended.
:: NOTE(review): a failed ACL copy is only a warning, so KEY.OLD can be left
:: with whatever ACL the copy received rather than the original's; and
:: -ErrorAction Stop on Rename-KeyWithAcl looks like a no-op because the
:: function is declared without CmdletBinding. Confirm both are intended.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{67e7f99b-1b65-4343-825d-eb17c9681805}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{56ed2384-8491-4fbc-8f1d-141faf905d85} as TrustedInstaller
:: Soft-deletes one registry key tree: instead of deleting it, every value and
:: key under HKLM\SOFTWARE\Classes\Interface\{56ed2384-8491-4fbc-8f1d-141faf905d85}
:: is renamed with a .OLD suffix.
::
:: Outer script, run by this elevated console:
::   Invoke-AsTrustedInstaller writes the $cmd text to a temporary .ps1 file,
::   registers a scheduled task named "privacy.sexy invoke", starts it through
::   the Schedule.Service COM object as the account the S-1-5-80-... SID
::   translates to (NT SERVICE\TrustedInstaller), polls LastTaskResult every
::   200 ms while it is 267009 (0x41301, task still running) for at most five
::   minutes, prints the captured output, then deletes the task and both
::   temporary files in its finally blocks.
:: Inner script ($cmd), run inside the task:
::   Rename-KeyTree renames each value to NAME.OLD unless it already ends in
::   .OLD, recurses into subkeys, then calls Rename-KeyWithAcl to copy the key
::   to KEY.OLD (appending further .OLD while the target exists), copy every
::   security descriptor section except the owner, and remove the original.
::   The final summary throws only when every counted item failed.
::
:: NOTE(review): the payload is staged with New-TemporaryFile (presumably the
:: invoking user's temp directory; confirm) and then run by the task with
:: -ExecutionPolicy Bypass under the higher-privileged identity. Nothing here
:: verifies the file between Out-File and task start, so write access to that
:: directory is part of the trust boundary of this step.
:: NOTE(review): on timeout the loop breaks with LastTaskResult still 267009,
:: so the following check reports it as a failure exit code, and the finally
:: blocks delete the task and temp files whether or not the task has ended.
:: NOTE(review): a failed ACL copy is only a warning, so KEY.OLD can be left
:: with whatever ACL the copy received rather than the original's; and
:: -ErrorAction Stop on Rename-KeyWithAcl looks like a no-op because the
:: function is declared without CmdletBinding. Confirm both are intended.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{56ed2384-8491-4fbc-8f1d-141faf905d85}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{56ed2384-8491-4fbc-8f1d-141faf905d85} as TrustedInstaller
:: Renames the registry key set in $rawPath, and every value under it, by appending ".OLD";
:: the data is kept under the new name rather than erased. How the command works:
::  - Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a
::    scheduled task named "privacy.sexy invoke" and starts it through Schedule.Service RunEx
::    as the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
::    translates to (the well-known NT SERVICE\TrustedInstaller SID).
::  - It polls LastTaskResult while it equals 267009 (0x41301, task still running) for at most
::    5 minutes. After a timeout the result is still non-zero, so Write-Error is raised and the
::    task is deleted in the finally block.
::  - Rename-KeyWithAcl copies the key to the ".OLD" path, copies the ACL without the owner
::    section, then removes the original key. A failed ACL copy only raises a warning, so the
::    renamed key can end up with different permissions than the original.
:: NOTE(review): the staged .ps1 is executed with -ExecutionPolicy Bypass under that account;
:: confirm that the directory used by New-TemporaryFile cannot be written by lower-privileged
:: processes between the Out-File call and the start of the task.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{56ed2384-8491-4fbc-8f1d-141faf905d85}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{c4c9b336-6104-586e-b35c-9f9029afb178} as TrustedInstaller
:: Renames the registry key set in $rawPath, and every value under it, by appending ".OLD";
:: the data is kept under the new name rather than erased. How the command works:
::  - Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a
::    scheduled task named "privacy.sexy invoke" and starts it through Schedule.Service RunEx
::    as the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
::    translates to (the well-known NT SERVICE\TrustedInstaller SID).
::  - It polls LastTaskResult while it equals 267009 (0x41301, task still running) for at most
::    5 minutes. After a timeout the result is still non-zero, so Write-Error is raised and the
::    task is deleted in the finally block.
::  - Rename-KeyWithAcl copies the key to the ".OLD" path, copies the ACL without the owner
::    section, then removes the original key. A failed ACL copy only raises a warning, so the
::    renamed key can end up with different permissions than the original.
:: NOTE(review): the staged .ps1 is executed with -ExecutionPolicy Bypass under that account;
:: confirm that the directory used by New-TemporaryFile cannot be written by lower-privileged
:: processes between the Out-File call and the start of the task.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{c4c9b336-6104-586e-b35c-9f9029afb178}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{c4c9b336-6104-586e-b35c-9f9029afb178} as TrustedInstaller
:: Renames the registry key set in $rawPath, and every value under it, by appending ".OLD";
:: the data is kept under the new name rather than erased. How the command works:
::  - Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a
::    scheduled task named "privacy.sexy invoke" and starts it through Schedule.Service RunEx
::    as the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
::    translates to (the well-known NT SERVICE\TrustedInstaller SID).
::  - It polls LastTaskResult while it equals 267009 (0x41301, task still running) for at most
::    5 minutes. After a timeout the result is still non-zero, so Write-Error is raised and the
::    task is deleted in the finally block.
::  - Rename-KeyWithAcl copies the key to the ".OLD" path, copies the ACL without the owner
::    section, then removes the original key. A failed ACL copy only raises a warning, so the
::    renamed key can end up with different permissions than the original.
:: NOTE(review): the staged .ps1 is executed with -ExecutionPolicy Bypass under that account;
:: confirm that the directory used by New-TemporaryFile cannot be written by lower-privileged
:: processes between the Out-File call and the start of the task.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{c4c9b336-6104-586e-b35c-9f9029afb178}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{235e004e-c711-5d74-8895-25412ca30088} as TrustedInstaller
:: Renames the registry key set in $rawPath, and every value under it, by appending ".OLD";
:: the data is kept under the new name rather than erased. How the command works:
::  - Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a
::    scheduled task named "privacy.sexy invoke" and starts it through Schedule.Service RunEx
::    as the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
::    translates to (the well-known NT SERVICE\TrustedInstaller SID).
::  - It polls LastTaskResult while it equals 267009 (0x41301, task still running) for at most
::    5 minutes. After a timeout the result is still non-zero, so Write-Error is raised and the
::    task is deleted in the finally block.
::  - Rename-KeyWithAcl copies the key to the ".OLD" path, copies the ACL without the owner
::    section, then removes the original key. A failed ACL copy only raises a warning, so the
::    renamed key can end up with different permissions than the original.
:: NOTE(review): the staged .ps1 is executed with -ExecutionPolicy Bypass under that account;
:: confirm that the directory used by New-TemporaryFile cannot be written by lower-privileged
:: processes between the Out-File call and the start of the task.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{235e004e-c711-5d74-8895-25412ca30088}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{235e004e-c711-5d74-8895-25412ca30088} as TrustedInstaller
:: Renames the registry key set in $rawPath, and every value under it, by appending ".OLD";
:: the data is kept under the new name rather than erased. How the command works:
::  - Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a
::    scheduled task named "privacy.sexy invoke" and starts it through Schedule.Service RunEx
::    as the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
::    translates to (the well-known NT SERVICE\TrustedInstaller SID).
::  - It polls LastTaskResult while it equals 267009 (0x41301, task still running) for at most
::    5 minutes. After a timeout the result is still non-zero, so Write-Error is raised and the
::    task is deleted in the finally block.
::  - Rename-KeyWithAcl copies the key to the ".OLD" path, copies the ACL without the owner
::    section, then removes the original key. A failed ACL copy only raises a warning, so the
::    renamed key can end up with different permissions than the original.
:: NOTE(review): the staged .ps1 is executed with -ExecutionPolicy Bypass under that account;
:: confirm that the directory used by New-TemporaryFile cannot be written by lower-privileged
:: processes between the Out-File call and the start of the task.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{235e004e-c711-5d74-8895-25412ca30088}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{ad6db2cf-0c8d-438b-b25d-9a9a82903b2b} as TrustedInstaller
:: Renames the key in $rawPath, its values and all subkeys with the '.OLD' suffix rather than deleting them.
:: Invoke-AsTrustedInstaller saves $cmd to a temporary .ps1 file, registers the scheduled task
:: 'privacy.sexy invoke' ([char]0x002E is the dot), and starts it through Schedule.Service RunEx as the
:: account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to.
:: It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, task still running), for at
:: most 5 minutes, then deletes the task and both temporary files in finally blocks and prints the output.
:: Rename-KeyTree renames values first, then recurses into subkeys, then replaces the key itself by
:: copy (Copy-Item), ACL copy without the owner section (Copy-Acl), and removal of the original.
:: NOTE(review): the .ps1 is created with New-TemporaryFile and run with -ExecutionPolicy Bypass under
:: that account; presumably it sits in the caller's temp directory, so confirm no lower-privileged
:: process can rewrite it between Out-File and RunEx.
:: NOTE(review): a Copy-Acl failure is only logged as a warning and the original key is still removed,
:: so the .OLD copy may not carry the original permissions; check the output before relying on a restore.
:: NOTE(review): after a timeout the task is deleted and the temp files removed while the child script
:: may still be running - TODO confirm how a partial rename is reported.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{ad6db2cf-0c8d-438b-b25d-9a9a82903b2b}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{ad6db2cf-0c8d-438b-b25d-9a9a82903b2b} as TrustedInstaller
:: Renames the key in $rawPath, its values and all subkeys with the '.OLD' suffix rather than deleting them.
:: Invoke-AsTrustedInstaller saves $cmd to a temporary .ps1 file, registers the scheduled task
:: 'privacy.sexy invoke' ([char]0x002E is the dot), and starts it through Schedule.Service RunEx as the
:: account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to.
:: It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, task still running), for at
:: most 5 minutes, then deletes the task and both temporary files in finally blocks and prints the output.
:: Rename-KeyTree renames values first, then recurses into subkeys, then replaces the key itself by
:: copy (Copy-Item), ACL copy without the owner section (Copy-Acl), and removal of the original.
:: NOTE(review): the .ps1 is created with New-TemporaryFile and run with -ExecutionPolicy Bypass under
:: that account; presumably it sits in the caller's temp directory, so confirm no lower-privileged
:: process can rewrite it between Out-File and RunEx.
:: NOTE(review): a Copy-Acl failure is only logged as a warning and the original key is still removed,
:: so the .OLD copy may not carry the original permissions; check the output before relying on a restore.
:: NOTE(review): after a timeout the task is deleted and the temp files removed while the child script
:: may still be running - TODO confirm how a partial rename is reported.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{ad6db2cf-0c8d-438b-b25d-9a9a82903b2b}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{d9dc3975-1062-470a-994c-409151ff8f54} as TrustedInstaller
:: Renames the key in $rawPath, its values and all subkeys with the '.OLD' suffix rather than deleting them.
:: Invoke-AsTrustedInstaller saves $cmd to a temporary .ps1 file, registers the scheduled task
:: 'privacy.sexy invoke' ([char]0x002E is the dot), and starts it through Schedule.Service RunEx as the
:: account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to.
:: It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, task still running), for at
:: most 5 minutes, then deletes the task and both temporary files in finally blocks and prints the output.
:: Rename-KeyTree renames values first, then recurses into subkeys, then replaces the key itself by
:: copy (Copy-Item), ACL copy without the owner section (Copy-Acl), and removal of the original.
:: NOTE(review): the .ps1 is created with New-TemporaryFile and run with -ExecutionPolicy Bypass under
:: that account; presumably it sits in the caller's temp directory, so confirm no lower-privileged
:: process can rewrite it between Out-File and RunEx.
:: NOTE(review): a Copy-Acl failure is only logged as a warning and the original key is still removed,
:: so the .OLD copy may not carry the original permissions; check the output before relying on a restore.
:: NOTE(review): after a timeout the task is deleted and the temp files removed while the child script
:: may still be running - TODO confirm how a partial rename is reported.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{d9dc3975-1062-470a-994c-409151ff8f54}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{d9dc3975-1062-470a-994c-409151ff8f54} as TrustedInstaller
:: Renames the key in $rawPath, its values and all subkeys with the '.OLD' suffix rather than deleting them.
:: Invoke-AsTrustedInstaller saves $cmd to a temporary .ps1 file, registers the scheduled task
:: 'privacy.sexy invoke' ([char]0x002E is the dot), and starts it through Schedule.Service RunEx as the
:: account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to.
:: It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, task still running), for at
:: most 5 minutes, then deletes the task and both temporary files in finally blocks and prints the output.
:: Rename-KeyTree renames values first, then recurses into subkeys, then replaces the key itself by
:: copy (Copy-Item), ACL copy without the owner section (Copy-Acl), and removal of the original.
:: NOTE(review): the .ps1 is created with New-TemporaryFile and run with -ExecutionPolicy Bypass under
:: that account; presumably it sits in the caller's temp directory, so confirm no lower-privileged
:: process can rewrite it between Out-File and RunEx.
:: NOTE(review): a Copy-Acl failure is only logged as a warning and the original key is still removed,
:: so the .OLD copy may not carry the original permissions; check the output before relying on a restore.
:: NOTE(review): after a timeout the task is deleted and the temp files removed while the child script
:: may still be running - TODO confirm how a partial rename is reported.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{d9dc3975-1062-470a-994c-409151ff8f54}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{343baa78-e34f-466c-9ffa-81af5ce4cd34} as TrustedInstaller
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{343baa78-e34f-466c-9ffa-81af5ce4cd34}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
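:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{343baa78-e34f-466c-9ffa-81af5ce4cd34} as TrustedInstaller
:: "Soft-delete" means rename, not removal: every value, then every subkey, then the key itself gets a ".OLD" suffix (presumably so the change can be undone by renaming back).
:: The key rename is a copy (ACL copied without the owner section) followed by removal of the original; an ACL copy failure is only a warning.
:: The renaming script is written to a temporary .ps1 and started with -ExecutionPolicy Bypass by a one-off scheduled task, "privacy.sexy invoke", run as the TrustedInstaller account; the task is deleted afterwards.
:: NOTE(review): the .ps1 comes from New-TemporaryFile and is executed with TrustedInstaller rights, so verify that the temp directory cannot be written by lower-privileged processes before relying on this step.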
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{343baa78-e34f-466c-9ffa-81af5ce4cd34}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
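:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{377f919e-1b1a-5ca1-9ac0-70f57dcf5f61} as TrustedInstaller
:: "Soft-delete" means rename, not removal: every value, then every subkey, then the key itself gets a ".OLD" suffix (presumably so the change can be undone by renaming back).
:: The key rename is a copy (ACL copied without the owner section) followed by removal of the original; an ACL copy failure is only a warning.
:: The renaming script is written to a temporary .ps1 and started with -ExecutionPolicy Bypass by a one-off scheduled task, "privacy.sexy invoke", run as the TrustedInstaller account; the task is deleted afterwards.
:: NOTE(review): the .ps1 comes from New-TemporaryFile and is executed with TrustedInstaller rights, so verify that the temp directory cannot be written by lower-privileged processes before relying on this step.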
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{377f919e-1b1a-5ca1-9ac0-70f57dcf5f61}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
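:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{377f919e-1b1a-5ca1-9ac0-70f57dcf5f61} as TrustedInstaller
:: "Soft-delete" means rename, not removal: every value, then every subkey, then the key itself gets a ".OLD" suffix (presumably so the change can be undone by renaming back).
:: The key rename is a copy (ACL copied without the owner section) followed by removal of the original; an ACL copy failure is only a warning.
:: The renaming script is written to a temporary .ps1 and started with -ExecutionPolicy Bypass by a one-off scheduled task, "privacy.sexy invoke", run as the TrustedInstaller account; the task is deleted afterwards.
:: NOTE(review): the .ps1 comes from New-TemporaryFile and is executed with TrustedInstaller rights, so verify that the temp directory cannot be written by lower-privileged processes before relying on this step.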
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{377f919e-1b1a-5ca1-9ac0-70f57dcf5f61}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
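:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{1b988c32-1bc7-52fa-83ba-0b97e79c878b} as TrustedInstaller
:: "Soft-delete" means rename, not removal: every value, then every subkey, then the key itself gets a ".OLD" suffix (presumably so the change can be undone by renaming back).
:: The key rename is a copy (ACL copied without the owner section) followed by removal of the original; an ACL copy failure is only a warning.
:: The renaming script is written to a temporary .ps1 and started with -ExecutionPolicy Bypass by a one-off scheduled task, "privacy.sexy invoke", run as the TrustedInstaller account; the task is deleted afterwards.
:: NOTE(review): the .ps1 comes from New-TemporaryFile and is executed with TrustedInstaller rights, so verify that the temp directory cannot be written by lower-privileged processes before relying on this step.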
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{1b988c32-1bc7-52fa-83ba-0b97e79c878b}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{1b988c32-1bc7-52fa-83ba-0b97e79c878b} as TrustedInstaller
:: Runs an inline PowerShell payload under an elevated service principal to soft-delete one
:: registry key: each value under the key, each subkey and the key itself get the suffix .OLD
:: instead of being removed.
::   Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers the
::     scheduled task "privacy.sexy invoke", starts it through RunEx under the account the
::     hard-coded SID translates to, polls LastTaskResult while it equals 267009 (0x41301,
::     task still running) for at most 5 minutes, then deletes the task, prints the captured
::     output and removes both temp files.
::   Rename-KeyTree renames the values first, recurses into the subkeys, then renames the key
::     through Rename-KeyWithAcl (copy key, copy ACL without the Owner section, remove original).
:: NOTE(review): the payload is staged by New-TemporaryFile and later executed with
::   -ExecutionPolicy Bypass under the elevated principal; presumably the file sits in the
::   invoking user's temp directory, so confirm nothing less privileged can modify it between
::   Out-File and task start.
:: NOTE(review): a failed ACL copy is only a warning, so the .OLD copy may carry different
::   permissions than the original key; verify after the run.
:: NOTE(review): Rename-KeyWithAcl is a simple function, so the -ErrorAction Stop passed to it
::   is presumably not bound as a common parameter; confirm.
:: NOTE(review): a run should be visible in Task Scheduler logging as a task named
::   "privacy.sexy invoke" that is registered and deleted shortly afterwards; confirm locally.
:: NOTE(review): cmd.exe needs this command on one physical line; the breaks inside it here
::   look like paste wrapping.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{1b988c32-1bc7-52fa-83ba-0b97e79c878b}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\AppId\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d} as TrustedInstaller
:: Runs an inline PowerShell payload under an elevated service principal to soft-delete one
:: registry key: each value under the key, each subkey and the key itself get the suffix .OLD
:: instead of being removed.
::   Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers the
::     scheduled task "privacy.sexy invoke", starts it through RunEx under the account the
::     hard-coded SID translates to, polls LastTaskResult while it equals 267009 (0x41301,
::     task still running) for at most 5 minutes, then deletes the task, prints the captured
::     output and removes both temp files.
::   Rename-KeyTree renames the values first, recurses into the subkeys, then renames the key
::     through Rename-KeyWithAcl (copy key, copy ACL without the Owner section, remove original).
:: NOTE(review): the payload is staged by New-TemporaryFile and later executed with
::   -ExecutionPolicy Bypass under the elevated principal; presumably the file sits in the
::   invoking user's temp directory, so confirm nothing less privileged can modify it between
::   Out-File and task start.
:: NOTE(review): if the 5-minute wait times out the loop only breaks and the task is deleted
::   in the finally block; whether the still-running instance is stopped is not visible here.
:: NOTE(review): a failed ACL copy is only a warning, so the .OLD copy may carry different
::   permissions than the original key; verify after the run.
:: NOTE(review): cmd.exe needs this command on one physical line; the breaks inside it here
::   look like paste wrapping.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\AppId\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\AppId\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d} as TrustedInstaller
:: Runs an inline PowerShell payload under an elevated service principal to soft-delete one
:: registry key: each value under the key, each subkey and the key itself get the suffix .OLD
:: instead of being removed.
::   Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers the
::     scheduled task "privacy.sexy invoke", starts it through RunEx under the account the
::     hard-coded SID translates to, polls LastTaskResult while it equals 267009 (0x41301,
::     task still running) for at most 5 minutes, then deletes the task, prints the captured
::     output and removes both temp files.
::   Rename-KeyTree renames the values first, recurses into the subkeys, then renames the key
::     through Rename-KeyWithAcl (copy key, copy ACL without the Owner section, remove original).
:: NOTE(review): the payload is staged by New-TemporaryFile and later executed with
::   -ExecutionPolicy Bypass under the elevated principal; presumably the file sits in the
::   invoking user's temp directory, so confirm nothing less privileged can modify it between
::   Out-File and task start.
:: NOTE(review): a failed ACL copy is only a warning, so the .OLD copy may carry different
::   permissions than the original key; verify after the run.
:: NOTE(review): the summary counters mix renamed values and renamed keys, and the final
::   check throws only when every item failed; partial failures surface as warnings only.
:: NOTE(review): cmd.exe needs this command on one physical line; the breaks inside it here
::   look like paste wrapping.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\AppId\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d} as TrustedInstaller
:: Runs an inline PowerShell payload under an elevated service principal to soft-delete one
:: registry key: each value under the key, each subkey and the key itself get the suffix .OLD
:: instead of being removed.
::   Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers the
::     scheduled task "privacy.sexy invoke", starts it through RunEx under the account the
::     hard-coded SID translates to, polls LastTaskResult while it equals 267009 (0x41301,
::     task still running) for at most 5 minutes, then deletes the task, prints the captured
::     output and removes both temp files.
::   Rename-KeyTree renames the values first, recurses into the subkeys, then renames the key
::     through Rename-KeyWithAcl (copy key, copy ACL without the Owner section, remove original).
:: NOTE(review): the payload is staged by New-TemporaryFile and later executed with
::   -ExecutionPolicy Bypass under the elevated principal; presumably the file sits in the
::   invoking user's temp directory, so confirm nothing less privileged can modify it between
::   Out-File and task start.
:: NOTE(review): a failed ACL copy is only a warning, so the .OLD copy may carry different
::   permissions than the original key; verify after the run.
:: NOTE(review): the rename is a copy followed by a recursive remove, not an atomic rename;
::   if the remove fails the script tries to delete the new copy again and rethrows.
:: NOTE(review): cmd.exe needs this command on one physical line; the breaks inside it here
::   look like paste wrapping.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d} as TrustedInstaller
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
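:: Soft-delete the registry key: HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.SmartScreen.EventLogger as TrustedInstaller
:: Soft-delete = rename with a `.OLD` suffix (value names, subkeys, then the key itself); the data is kept under the renamed key.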
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.SmartScreen.EventLogger'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    
Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to 
''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
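:: Soft-delete the registry key: HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.SmartScreen.UriReputationService as TrustedInstaller
:: Soft-delete = rename with a `.OLD` suffix (value names, subkeys, then the key itself); the data is kept under the renamed key.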
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.SmartScreen.UriReputationService'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) 
{'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host 
"^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
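:: Soft-delete the registry key: HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.SmartScreen.AppReputationService as TrustedInstaller
:: Soft-delete = rename with a `.OLD` suffix (value names, subkeys, then the key itself); the data is kept under the renamed key.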
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.SmartScreen.AppReputationService'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) 
{'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host 
"^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable SmartScreen Enhanced Phishing Protection Web background services
echo --- Disable SmartScreen Enhanced Phishing Protection Web background services
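:: Disable service(s): `webthreatdefsvc`
:: Stops the service if it is running, then sets its startup type to Disabled; exits early when the service is missing or already disabled.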
:: This operation will not run on Windows versions earlier than Windows11-22H2.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $serviceName = 'webthreatdefsvc'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. 
Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
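:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\webthreatdefsvc.dll" with additional permissions
:: "Additional permissions": the command enables SeRestorePrivilege and SeTakeOwnershipPrivilege on its own process token before touching the file.
:: NOTE(review): the result of each AddPrivilege call is discarded, so a privilege that could not be enabled goes unreported at that point.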
:: This operation will not run on Windows versions earlier than Windows11-22H2.
:: Soft delete of the file named in $pathGlobPattern below (webthreatdefsvc.dll under System32):
:: the file is renamed to the same path plus .OLD, nothing is removed from disk.
:: Flow: exit 0 when the OS build is below 10.0.22621; enable SeRestorePrivilege and
:: SeTakeOwnershipPrivilege on the current process token; set the owner to the account behind
:: SID S-1-5-32-544 and add a FullControl allow rule for it; Move-Item to the .OLD name;
:: re-apply the ACL captured before the change; clear both privileges at the end.
:: NOTE(review): webthreatdefsvc is, to my knowledge, the Web Threat Defense service behind
:: Enhanced Phishing Protection; presumably the service cannot load once its DLL is renamed.
:: Confirm that losing this protection is intended on the target machine.
:: NOTE(review): AddPrivilege and RemovePrivilege return only the AdjustTokenPrivileges result,
:: the results of OpenProcessToken and LookupPrivilegeValue are overwritten, and the caller
:: pipes the return value to Out-Null, so a privilege that was not granted is never reported.
:: The token handle from OpenProcessToken is not closed.
:: NOTE(review): when taking ownership fails only a warning is written and Move-Item is still tried.
:: NOTE(review): the "file not found" branch inside the loop uses exit 0, not continue, so it ends
:: the whole command and skips the RemovePrivilege calls at the end.
:: NOTE(review): $revert is not assigned anywhere in this command, so the non-revert branch runs.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\webthreatdefsvc.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        
public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; 
[Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is 
owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Disable per-user "webthreatdefusersvc" service for all users
:: Disable the service `webthreatdefusersvc` 
:: This operation will not run on Windows versions earlier than Windows11-22H2.
:: Disables the service named in $serviceQuery, here webthreatdefusersvc.
:: Flow: exit 0 below OS build 10.0.22621 or when Get-Service returns nothing; if the service is
:: running, call Stop-Service with Force and NoWait; exit 0 when the registry key
:: HKLM:\SYSTEM\CurrentControlSet\Services\[name] is missing or its Start value is already 4;
:: otherwise write Start = 4 and exit 1 if that write fails.
:: NOTE(review): NoWait is set because $stopWithDependencies is false, so the "Stopped ...
:: successfully" message is presumably printed before the service has actually stopped.
:: NOTE(review): the step 3 message says "cannot enable it" although this command disables the
:: service; looks like wording carried over from the enable path.
:: NOTE(review): this service appears to belong to Web Threat Defense (Enhanced Phishing
:: Protection, to my knowledge); confirm that turning it off is intended before running.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $serviceQuery = 'webthreatdefusersvc'; $stopWithDependencies= $false; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""; Exit 0; }; $serviceName = $service.Name; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 2. 
Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""; try { Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""; $stopParams = @{ Name = $ServiceName; Force = $true; ErrorAction = 'Stop'; }; if (-not $stopWithDependencies) { $stopParams['NoWait'] = $true; }; Stop-Service @stopParams; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { if ($_.FullyQualifiedErrorId -eq 'CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand') { Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""; } else { Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""; }; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if service info is not found in registry #>; $registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""; if (-Not (Test-Path $registryKey)) { Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""; Exit 0; }; <# -- 4. Skip if already disabled #>; if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) { Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""; Exit 0; }; <# -- 5. Disable service #>; try { Set-ItemProperty -LiteralPath $registryKey -Name "^""Start"^"" -Value 4 -ErrorAction Stop; Write-Host 'Successfully disabled the service. It will not start automatically on next boot.'; } catch { Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""; Exit 1; }"
:: Disable per-user "webthreatdefusersvc" service for individual user accounts
:: Disable the service `webthreatdefusersvc_*` 
:: This operation will not run on Windows versions earlier than Windows11-22H2.
:: Disables the service or services matched by the wildcard in $serviceQuery, webthreatdefusersvc_*.
:: Flow: exit 0 below OS build 10.0.22621 or when Get-Service returns nothing; if the service is
:: running, call Stop-Service with Force and NoWait; exit 0 when the registry key
:: HKLM:\SYSTEM\CurrentControlSet\Services\[name] is missing or its Start value is already 4;
:: otherwise write Start = 4 and exit 1 if that write fails.
:: NOTE(review): the query is a wildcard, so Get-Service may return several services. The code
:: then reads $service.Name and $service.Status as if there were one; with more than one match
:: the registry path built from $serviceName would presumably not point at a real key and the
:: command would exit 0 at step 3 without disabling anything. Verify on a multi-user machine.
:: NOTE(review): NoWait is set because $stopWithDependencies is false, so the "Stopped ...
:: successfully" message is presumably printed before the service has actually stopped.
:: NOTE(review): the step 3 message says "cannot enable it" although this command disables the
:: service; looks like wording carried over from the enable path.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $serviceQuery = 'webthreatdefusersvc_*'; $stopWithDependencies= $false; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""; Exit 0; }; $serviceName = $service.Name; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 2. 
Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""; try { Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""; $stopParams = @{ Name = $ServiceName; Force = $true; ErrorAction = 'Stop'; }; if (-not $stopWithDependencies) { $stopParams['NoWait'] = $true; }; Stop-Service @stopParams; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { if ($_.FullyQualifiedErrorId -eq 'CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand') { Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""; } else { Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""; }; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if service info is not found in registry #>; $registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""; if (-Not (Test-Path $registryKey)) { Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""; Exit 0; }; <# -- 4. Skip if already disabled #>; if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) { Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""; Exit 0; }; <# -- 5. Disable service #>; try { Set-ItemProperty -LiteralPath $registryKey -Name "^""Start"^"" -Value 4 -ErrorAction Stop; Write-Host 'Successfully disabled the service. It will not start automatically on next boot.'; } catch { Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""; Exit 1; }"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\webthreatdefusersvc.dll" with additional permissions 
:: This operation will not run on Windows versions earlier than Windows11-22H2.
:: Soft delete of the file named in $pathGlobPattern below (webthreatdefusersvc.dll under System32):
:: the file is renamed to the same path plus .OLD, nothing is removed from disk.
:: Flow: exit 0 when the OS build is below 10.0.22621; enable SeRestorePrivilege and
:: SeTakeOwnershipPrivilege on the current process token; set the owner to the account behind
:: SID S-1-5-32-544 and add a FullControl allow rule for it; Move-Item to the .OLD name;
:: re-apply the ACL captured before the change; clear both privileges at the end.
:: NOTE(review): AddPrivilege and RemovePrivilege return only the AdjustTokenPrivileges result,
:: the results of OpenProcessToken and LookupPrivilegeValue are overwritten, and the caller
:: pipes the return value to Out-Null, so a privilege that was not granted is never reported.
:: The token handle from OpenProcessToken is not closed.
:: NOTE(review): when taking ownership fails only a warning is written and Move-Item is still tried.
:: NOTE(review): the "file not found" branch inside the loop uses exit 0, not continue, so it ends
:: the whole command and skips the RemovePrivilege calls at the end.
:: NOTE(review): $revert is not assigned anywhere in this command, so the non-revert branch runs.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\webthreatdefusersvc.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n      
  public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; 
[Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is 
owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft-delete the registry key: HKLM\SOFTWARE\Microsoft\WindowsRuntime\Server\WebThreatDefSvc as TrustedInstaller
:: This operation will not run on Windows versions earlier than Windows11-22H2.
:: Soft-deletes the registry key held in $rawPath by passing the script text in $cmd to
:: Invoke-AsTrustedInstaller. Exits 0 first when the OS build is below 10.0.22621.
:: Invoke-AsTrustedInstaller, as written: saves $Script to a temp file renamed to .ps1, registers
:: a scheduled task named "privacy.sexy invoke", starts it through RunEx under the account
:: resolved from the S-1-5-80-... SID, polls every 200 ms for up to 5 minutes while
:: LastTaskResult is 267009, deletes the task, prints the captured output file and removes
:: both temp files.
:: $cmd, as written: appends .OLD to every value name of the key, recurses into its subkeys,
:: then copies the key to its path plus .OLD (adding the suffix again while that path exists),
:: copies the ACL without the owner section and removes the original key.
:: NOTE(review): 267009 is presumably the Task Scheduler "task is currently running" status.
:: NOTE(review): the payload is staged in the directory chosen by New-TemporaryFile and run with
:: -ExecutionPolicy Bypass under a more privileged account; nothing here restricts the ACL of
:: that file or re-checks its content before the task starts. Treat the temp path as a trust
:: boundary and confirm that only administrators can write to it.
:: NOTE(review): an existing task with the same name is deleted first without inspecting it.
:: NOTE(review): a failed ACL copy only writes a warning, so the .OLD key can end up with
:: different permissions than the original key had.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        
Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Microsoft\WindowsRuntime\Server\WebThreatDefSvc'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'   
     }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. 
All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WebThreatDefense 
:: This operation will not run on Windows versions earlier than Windows11-22H2.
:: Soft-deletes the registry key held in $rawPath directly in this elevated session (no
:: scheduled task is used here). Exits 0 first when the OS build is below 10.0.22621.
:: Rename-KeyTree, as written: appends .OLD to every value name of the key, recurses into its
:: subkeys, then calls Rename-KeyWithAcl to copy the key to its path plus .OLD (adding the
:: suffix again while that path exists), copy the ACL without the owner section through
:: Copy-Acl, and remove the original key. If removing the original fails, the copy is removed
:: again and the error is rethrown.
:: Counters $global:ok, $global:skip and $global:fail feed the summary; the command throws only
:: when every item failed.
:: NOTE(review): a failed ACL copy only writes a warning, so the .OLD key can end up with
:: different permissions than the original key had.
:: NOTE(review): a partial failure (some items renamed, some failed) ends without a throw, so
:: the caller sees success; check the "Failed:" count in the output.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; 
$rawPath='HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WebThreatDefense'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. 
The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: Soft-delete the registry key: HKLM\Software\Classes\Interface\{ac889b17-df54-4854-a439-d7b68d1e16e8} as TrustedInstaller
:: This operation will not run on Windows versions earlier than Windows11-22H2.
:: How this command works:
:: 1. Version gate: exits 0 with "Skipping" when the OS build is below 10.0.22621, the build mapped to Windows11-22H2.
:: 2. $cmd holds the payload script as text: Copy-Acl, Rename-KeyWithAcl and Rename-KeyTree. The payload renames every value of the target key, then its subkeys, then the key itself with a ".OLD" suffix. Nothing is removed outright.
:: 3. Invoke-AsTrustedInstaller writes $cmd to a temporary .ps1 file and registers a scheduled task named "privacy.sexy invoke". It starts the task through the Schedule.Service COM object under the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 resolves to, which is the TrustedInstaller service identity. It then polls for up to 5 minutes while the task result reads 267009 (task still running), prints the captured output, and deletes the task and both temporary files.
:: NOTE(review): the payload .ps1 sits in the temp directory between Out-File and task start and is then run with -ExecutionPolicy Bypass under the TrustedInstaller identity. Anything able to write to that file in that window decides what runs with that identity. The location is presumably the temp directory of the elevated user; confirm it, and prefer a directory whose ACL only administrators can write.
:: NOTE(review): the task name is fixed and an existing task of that name is deleted first, so two such commands must not run at the same time.
:: NOTE(review): on timeout the loop only warns and the task is deleted afterwards. The result may then still read 267009, which is reported as a failure exit code.
:: NOTE(review): inside the payload a failed ACL copy is only a warning and the original key is still deleted, so the ".OLD" copy may not carry the original permissions.
:: Audit trail: registration and deletion of the task "privacy.sexy invoke" and ".OLD" suffixed entries under the target path are the traces this command leaves. To revert, rename the ".OLD" entries back. This presumably needs the same TrustedInstaller access; TODO confirm.
:: Security impact: the target is a COM interface registration. Judging by the neighbouring commands it belongs to WebThreatDefense, the component behind SmartScreen Enhanced Phishing Protection. Verify before applying on managed machines.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        
Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\Interface\{ac889b17-df54-4854-a439-d7b68d1e16e8}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            
$global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. 
All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
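:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{E2F1C91D-C762-4B5A-A8C1-4734E48C5FF4} as TrustedInstaller
:: "Soft-delete" means the key and its values are renamed with a ".OLD" suffix rather than removed, so the change can be undone by renaming them back.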
:: This operation will not run on Windows versions earlier than Windows11-22H2.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        
Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{E2F1C91D-C762-4B5A-A8C1-4734E48C5FF4}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            
$global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. 
All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
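:: Soft-delete the registry key: HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.Service.UserSessionServiceManager as TrustedInstaller
:: "Soft-delete" means the key and its values are renamed with a ".OLD" suffix rather than removed, so the change can be undone by renaming them back.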
:: This operation will not run on Windows versions earlier than Windows11-22H2.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        
Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.Service.UserSessionServiceManager'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: 
$_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. 
All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
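:: Soft-delete the registry key: HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.Configuration.WTDUserSettings as TrustedInstaller
:: "Soft-delete" means the key and its values are renamed with a ".OLD" suffix rather than removed, so the change can be undone by renaming them back.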
:: This operation will not run on Windows versions earlier than Windows11-22H2.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        
Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.Configuration.WTDUserSettings'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: 
$_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. 
All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable SmartScreen Enhanced Phishing Protection automatic data collection
echo --- Disable SmartScreen Enhanced Phishing Protection automatic data collection
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components!CaptureThreatWindow"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Minimum-build gate: $versionName is mapped to build 10.0.22000 and the command exits 0 with a "Skipping"
:: message when the running OS build is lower. Otherwise it writes CaptureThreatWindow = 0 (REG_DWORD) with
:: reg add /f, which overwrites an existing value without prompting.
:: $registryPath is assigned but never read; reg add uses the literal key path.
:: NOTE(review): the result of reg add is not checked, so a failed write only shows in its console output.
:: NOTE(review): keys under HKLM\SOFTWARE\Policies are normally written by Group Policy or MDM; on a managed
:: host this value may be replaced at the next policy refresh - confirm before relying on it.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components' /v 'CaptureThreatWindow' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components!CaptureThreatWindow"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Runs the minimum-build gate (exits 0 below 10.0.22000), then defines Invoke-AsTrustedInstaller and uses it
:: to run the reg add script held in $cmd: CaptureThreatWindow = 0 (REG_DWORD, /f) under
:: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components.
:: Invoke-AsTrustedInstaller saves the script to a temporary file renamed to .ps1, registers a scheduled task
:: named "privacy.sexy invoke" and starts it with RunEx as the account the hard-coded S-1-5-80-... SID
:: translates to (the function name indicates TrustedInstaller). Task output is redirected to a second
:: temporary file and printed with Get-Content.
:: The wait loop polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task still running) and
:: stops after 5 minutes; the task and both temporary files are removed in the finally blocks.
:: NOTE(review): after a timeout the exit-code check still runs, so a still-running task would also be
:: reported through Write-Error before the task is deleted.
:: NOTE(review): the staged .ps1 is created with New-TemporaryFile in the caller's temp directory and run with
:: -ExecutionPolicy Bypass under a more privileged account; confirm that directory is writable only by the
:: elevated user. Creation and deletion of this task should be visible in Task Scheduler operational
:: logging where it is enabled.
:: NOTE(review): the command is wrapped after "New-Object -ComObject" on this page; it has to be a single
:: line to run from a batch file.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components'''+"^""`r`n"^""+'$data =  ''0'''+"^""`r`n"^""+'reg add ''HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components'' `'+"^""`r`n"^""+'    /v ''CaptureThreatWindow'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable SmartScreen Enhanced Phishing Protection "potentially malicious" notifications
echo --- Disable SmartScreen Enhanced Phishing Protection "potentially malicious" notifications
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components!NotifyMalicious"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Minimum-build gate (exits 0 below 10.0.22000), then writes NotifyMalicious = 0 (REG_DWORD) with reg add /f,
:: overwriting any existing value. $registryPath is assigned but never read.
:: Security trade-off: per the section title this suppresses the Enhanced Phishing Protection
:: "potentially malicious" notification, so the user is no longer alerted in that case.
:: NOTE(review): the result of reg add is not checked; on managed hosts a value under
:: HKLM\SOFTWARE\Policies may be replaced at the next Group Policy or MDM refresh - confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components' /v 'NotifyMalicious' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components!NotifyMalicious"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Runs the minimum-build gate (exits 0 below 10.0.22000), then defines Invoke-AsTrustedInstaller and uses it
:: to run the reg add script held in $cmd: NotifyMalicious = 0 (REG_DWORD, /f) under
:: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components.
:: Invoke-AsTrustedInstaller saves the script to a temporary file renamed to .ps1, registers a scheduled task
:: named "privacy.sexy invoke" and starts it with RunEx as the account the hard-coded S-1-5-80-... SID
:: translates to (the function name indicates TrustedInstaller). Task output is redirected to a second
:: temporary file and printed with Get-Content.
:: The wait loop polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task still running) and
:: stops after 5 minutes; the task and both temporary files are removed in the finally blocks.
:: NOTE(review): after a timeout the exit-code check still runs, so a still-running task would also be
:: reported through Write-Error before the task is deleted.
:: NOTE(review): the staged .ps1 is created with New-TemporaryFile in the caller's temp directory and run with
:: -ExecutionPolicy Bypass under a more privileged account; confirm that directory is writable only by the
:: elevated user. Creation and deletion of this task should be visible in Task Scheduler operational
:: logging where it is enabled.
:: NOTE(review): the command is wrapped after "New-Object -ComObject" on this page; it has to be a single
:: line to run from a batch file.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components'''+"^""`r`n"^""+'$data =  ''0'''+"^""`r`n"^""+'reg add ''HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components'' `'+"^""`r`n"^""+'    /v ''NotifyMalicious'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable SmartScreen Enhanced Phishing Protection "password reuse" notifications
echo --- Disable SmartScreen Enhanced Phishing Protection "password reuse" notifications
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components!NotifyPasswordReuse"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Minimum-build gate (exits 0 below 10.0.22000), then writes NotifyPasswordReuse = 0 (REG_DWORD) with
:: reg add /f, overwriting any existing value. $registryPath is assigned but never read.
:: Security trade-off: per the section title this suppresses the Enhanced Phishing Protection
:: "password reuse" notification, so the user is no longer alerted in that case.
:: NOTE(review): the result of reg add is not checked; on managed hosts a value under
:: HKLM\SOFTWARE\Policies may be replaced at the next Group Policy or MDM refresh - confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components' /v 'NotifyPasswordReuse' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components!NotifyPasswordReuse"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Runs the minimum-build gate (exits 0 below 10.0.22000), then defines Invoke-AsTrustedInstaller and uses it
:: to run the reg add script held in $cmd: NotifyPasswordReuse = 0 (REG_DWORD, /f) under
:: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components.
:: Invoke-AsTrustedInstaller saves the script to a temporary file renamed to .ps1, registers a scheduled task
:: named "privacy.sexy invoke" and starts it with RunEx as the account the hard-coded S-1-5-80-... SID
:: translates to (the function name indicates TrustedInstaller). Task output is redirected to a second
:: temporary file and printed with Get-Content.
:: The wait loop polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task still running) and
:: stops after 5 minutes; the task and both temporary files are removed in the finally blocks.
:: NOTE(review): after a timeout the exit-code check still runs, so a still-running task would also be
:: reported through Write-Error before the task is deleted.
:: NOTE(review): the staged .ps1 is created with New-TemporaryFile in the caller's temp directory and run with
:: -ExecutionPolicy Bypass under a more privileged account; confirm that directory is writable only by the
:: elevated user. Creation and deletion of this task should be visible in Task Scheduler operational
:: logging where it is enabled.
:: NOTE(review): the command is wrapped after "New-Object -ComObject" on this page; it has to be a single
:: line to run from a batch file.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components'''+"^""`r`n"^""+'$data =  ''0'''+"^""`r`n"^""+'reg add ''HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components'' `'+"^""`r`n"^""+'    /v ''NotifyPasswordReuse'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable SmartScreen Enhanced Phishing Protection "unsafe apps" notifications
echo --- Disable SmartScreen Enhanced Phishing Protection "unsafe apps" notifications
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components!NotifyUnsafeApp"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Minimum-build gate (exits 0 below 10.0.22000), then writes NotifyUnsafeApp = 0 (REG_DWORD) with reg add /f,
:: overwriting any existing value. $registryPath is assigned but never read.
:: Security trade-off: per the section title this suppresses the Enhanced Phishing Protection
:: "unsafe apps" notification, so the user is no longer alerted in that case.
:: NOTE(review): the result of reg add is not checked; on managed hosts a value under
:: HKLM\SOFTWARE\Policies may be replaced at the next Group Policy or MDM refresh - confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components' /v 'NotifyUnsafeApp' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components!NotifyUnsafeApp"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Runs the minimum-build gate (exits 0 below 10.0.22000), then defines Invoke-AsTrustedInstaller and uses it
:: to run the reg add script held in $cmd: NotifyUnsafeApp = 0 (REG_DWORD, /f) under
:: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components.
:: Invoke-AsTrustedInstaller saves the script to a temporary file renamed to .ps1, registers a scheduled task
:: named "privacy.sexy invoke" and starts it with RunEx as the account the hard-coded S-1-5-80-... SID
:: translates to (the function name indicates TrustedInstaller). Task output is redirected to a second
:: temporary file and printed with Get-Content.
:: The wait loop polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task still running) and
:: stops after 5 minutes; the task and both temporary files are removed in the finally blocks.
:: NOTE(review): after a timeout the exit-code check still runs, so a still-running task would also be
:: reported through Write-Error before the task is deleted.
:: NOTE(review): the staged .ps1 is created with New-TemporaryFile in the caller's temp directory and run with
:: -ExecutionPolicy Bypass under a more privileged account; confirm that directory is writable only by the
:: elevated user. Creation and deletion of this task should be visible in Task Scheduler operational
:: logging where it is enabled.
:: NOTE(review): the command is wrapped after "New-Object -ComObject" on this page; it has to be a single
:: line to run from a batch file.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components'''+"^""`r`n"^""+'$data =  ''0'''+"^""`r`n"^""+'reg add ''HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components'' `'+"^""`r`n"^""+'    /v ''NotifyUnsafeApp'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable SmartScreen Enhanced Phishing Protection audit mode
echo --- Disable SmartScreen Enhanced Phishing Protection audit mode
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components!ServiceEnabled"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Minimum-build gate (exits 0 below 10.0.22000), then writes ServiceEnabled = 0 (REG_DWORD) with reg add /f,
:: overwriting any existing value. $registryPath is assigned but never read.
:: NOTE(review): the section title calls this "audit mode"; presumably ServiceEnabled = 0 switches the
:: Enhanced Phishing Protection service off rather than only its auditing - verify against the policy
:: documentation before applying, since that removes the protection as a whole.
:: NOTE(review): the result of reg add is not checked; on managed hosts a value under
:: HKLM\SOFTWARE\Policies may be replaced at the next Group Policy or MDM refresh - confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components'; $data =  '0'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components' /v 'ServiceEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components!ServiceEnabled"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Runs the minimum-build gate (exits 0 below 10.0.22000), then defines Invoke-AsTrustedInstaller and uses it
:: to run the reg add script held in $cmd: ServiceEnabled = 0 (REG_DWORD, /f) under
:: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components.
:: Invoke-AsTrustedInstaller saves the script to a temporary file renamed to .ps1, registers a scheduled task
:: named "privacy.sexy invoke" and starts it with RunEx as the account the hard-coded S-1-5-80-... SID
:: translates to (the function name indicates TrustedInstaller). Task output is redirected to a second
:: temporary file and printed with Get-Content.
:: The wait loop polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task still running) and
:: stops after 5 minutes; the task and both temporary files are removed in the finally blocks.
:: NOTE(review): after a timeout the exit-code check still runs, so a still-running task would also be
:: reported through Write-Error before the task is deleted.
:: NOTE(review): the staged .ps1 is created with New-TemporaryFile in the caller's temp directory and run with
:: -ExecutionPolicy Bypass under a more privileged account; confirm that directory is writable only by the
:: elevated user. Creation and deletion of this task should be visible in Task Scheduler operational
:: logging where it is enabled.
:: NOTE(review): the command is wrapped after "New-Object -ComObject" on this page; it has to be a single
:: line to run from a batch file.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components'''+"^""`r`n"^""+'$data =  ''0'''+"^""`r`n"^""+'reg add ''HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components'' `'+"^""`r`n"^""+'    /v ''ServiceEnabled'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable SmartScreen Enhanced Phishing Protection warnings and prompts
echo --- Disable SmartScreen Enhanced Phishing Protection warnings and prompts
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\FeatureFlags!BlockUxDisabled"
:: This operation will not run on Windows versions earlier than Windows11-22H2.
:: Runs the minimum-build gate (exits 0 below 10.0.22621, Windows11-22H2), then defines
:: Invoke-AsTrustedInstaller and uses it to run the reg add script held in $cmd:
:: BlockUxDisabled = 1 (REG_DWORD, /f) under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\FeatureFlags.
:: Security trade-off: per the section title this turns off Enhanced Phishing Protection warnings and
:: prompts, so the user gets no on-screen alert from this feature.
:: Invoke-AsTrustedInstaller saves the script to a temporary file renamed to .ps1, registers a scheduled task
:: named "privacy.sexy invoke" and starts it with RunEx as the account the hard-coded S-1-5-80-... SID
:: translates to (the function name indicates TrustedInstaller). Task output is redirected to a second
:: temporary file and printed with Get-Content.
:: The wait loop polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task still running) and
:: stops after 5 minutes; the task and both temporary files are removed in the finally blocks.
:: NOTE(review): after a timeout the exit-code check still runs, so a still-running task would also be
:: reported through Write-Error before the task is deleted.
:: NOTE(review): the staged .ps1 is created with New-TemporaryFile in the caller's temp directory and run with
:: -ExecutionPolicy Bypass under a more privileged account; confirm that directory is writable only by the
:: elevated user. Creation and deletion of this task should be visible in Task Scheduler operational
:: logging where it is enabled.
:: NOTE(review): the command is wrapped after "New-Object -ComObject" on this page; it has to be a single
:: line to run from a batch file.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\FeatureFlags'''+"^""`r`n"^""+'$data =  ''1'''+"^""`r`n"^""+'reg add ''HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\FeatureFlags'' `'+"^""`r`n"^""+'    /v ''BlockUxDisabled'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable SmartScreen Enhanced Phishing Protection telemetry
echo --- Disable SmartScreen Enhanced Phishing Protection telemetry
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\FeatureFlags!TelemetryCallsEnabled"
:: This operation will not run on Windows versions earlier than Windows11-22H2.
:: Runs the minimum-build gate (exits 0 below 10.0.22621, Windows11-22H2), then defines
:: Invoke-AsTrustedInstaller and uses it to run the reg add script held in $cmd:
:: TelemetryCallsEnabled = 0 (REG_DWORD, /f) under
:: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\FeatureFlags.
:: Invoke-AsTrustedInstaller saves the script to a temporary file renamed to .ps1, registers a scheduled task
:: named "privacy.sexy invoke" and starts it with RunEx as the account the hard-coded S-1-5-80-... SID
:: translates to (the function name indicates TrustedInstaller). Task output is redirected to a second
:: temporary file and printed with Get-Content.
:: The wait loop polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task still running) and
:: stops after 5 minutes; the task and both temporary files are removed in the finally blocks.
:: NOTE(review): after a timeout the exit-code check still runs, so a still-running task would also be
:: reported through Write-Error before the task is deleted.
:: NOTE(review): the staged .ps1 is created with New-TemporaryFile in the caller's temp directory and run with
:: -ExecutionPolicy Bypass under a more privileged account; confirm that directory is writable only by the
:: elevated user. Creation and deletion of this task should be visible in Task Scheduler operational
:: logging where it is enabled.
:: NOTE(review): the command is wrapped after "New-Object -ComObject" on this page; it has to be a single
:: line to run from a batch file.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\FeatureFlags'''+"^""`r`n"^""+'$data =  ''0'''+"^""`r`n"^""+'reg add ''HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\FeatureFlags'' `'+"^""`r`n"^""+'    /v ''TelemetryCallsEnabled'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----Disable SmartScreen "App Install Control" feature-----
:: ----------------------------------------------------------
echo --- Disable SmartScreen "App Install Control" feature
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen!ConfigureAppInstall"
:: Writes ConfigureAppInstall = 'Anywhere' (REG_SZ) with reg add /f, overwriting any existing value; this
:: command has no Windows version gate. $registryPath is assigned but never read.
:: NOTE(review): per the section title this is part of turning off SmartScreen "App Install Control";
:: presumably 'Anywhere' lifts the restriction on where apps may be installed from - verify.
:: NOTE(review): the result of reg add is not checked; on managed hosts a value under
:: HKLM\Software\Policies may be replaced at the next Group Policy or MDM refresh - confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen'; $data =  'Anywhere'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen' /v 'ConfigureAppInstall' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen!ConfigureAppInstallControlEnabled"
:: Writes ConfigureAppInstallControlEnabled = 0 (REG_DWORD) with reg add /f under the SmartScreen policy key,
:: overwriting any existing value; no Windows version gate. $registryPath is assigned but never read.
:: NOTE(review): the result of reg add is not checked, so a failed write only shows in its console output.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen' /v 'ConfigureAppInstallControlEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer!AicEnabled"
:: Writes AicEnabled = "Anywhere" (REG_SZ) under the machine-wide Explorer key, i.e. outside the
:: Policies hive; /f overwrites an existing value without prompting.
:: NOTE(review): presumably this is the value behind the "Choose where to get apps" setting -
:: confirm against Microsoft documentation before relying on it.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'; $data = 'Anywhere'; reg add $registryPath /v 'AicEnabled' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -Disable SmartScreen web content checking for Store apps--
:: ----------------------------------------------------------
echo --- Disable SmartScreen web content checking for Store apps
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost!EnableWebContentEvaluation"
:: Writes EnableWebContentEvaluation = 0 (REG_DWORD) under the current user's AppHost key via
:: reg.exe; /f overwrites an existing value without prompting.
:: NOTE(review): the script re-launches itself elevated, so HKCU here is the hive of the account
:: that approved elevation; if that differs from the signed-in user, that user's setting is left
:: unchanged - confirm on machines where elevation uses separate admin credentials.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost'; $data = '0'; reg add $registryPath /v 'EnableWebContentEvaluation' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost!Enabled"
:: Writes Enabled = 0 (REG_DWORD) under the machine-wide AppHost key via reg.exe; /f overwrites
:: an existing value without prompting.
:: NOTE(review): the value name is generic; what it switches off is implied only by the section
:: banner (SmartScreen web content checking for Store apps) - verify against Microsoft documentation.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost'; $data = '0'; reg add $registryPath /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\AppHost!EnableWebContentEvaluation"
:: Writes EnableWebContentEvaluation = 0 (REG_DWORD) under the machine-wide AppHost policy key
:: via reg.exe; /f overwrites an existing value without prompting.
:: NOTE(review): with this check off for Store apps, another control (browser or DNS filtering,
:: EDR) has to cover links opened inside those apps - confirm one is in place.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\AppHost'; $data = '0'; reg add $registryPath /v 'EnableWebContentEvaluation' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---Enable SmartScreen warning dismissal for Store apps----
:: ----------------------------------------------------------
echo --- Enable SmartScreen warning dismissal for Store apps
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost!PreventOverride"
:: Writes PreventOverride = 0 (REG_DWORD) under the current user's AppHost key via reg.exe;
:: /f overwrites an existing value without prompting.
:: NOTE(review): per the section banner, 0 lets the user dismiss a SmartScreen warning and
:: continue; confirm the value semantics against Microsoft documentation.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost'; $data = '0'; reg add $registryPath /v 'PreventOverride' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost!PreventOverride"
:: Writes PreventOverride = 0 (REG_DWORD) under the machine-wide AppHost key via reg.exe,
:: mirroring the per-user value written just before; /f overwrites without prompting.
:: NOTE(review): neither write records the previous value, so note it first if the warning
:: lock needs to be restored later.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost'; $data = '0'; reg add $registryPath /v 'PreventOverride' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -Disable "Windows Security" status reporting integrations-
:: ----------------------------------------------------------
echo --- Disable "Windows Security" status reporting integrations
:: Soft delete files matching pattern: "%SYSTEMROOT%\SysWOW64\wscisvif.dll" with additional permissions 
:: What the command below does, in order:
::   1. Compiles a P/Invoke helper class (Privileges) with Add-Type and enables
::      SeRestorePrivilege and SeTakeOwnershipPrivilege on the current process token.
::   2. Resolves the SysWOW64 path with Get-Item; ItemNotFoundException is swallowed and an
::      empty result ends the command with "Skipping, no items available."
::   3. Per file: saves the current ACL, sets the owner to the account behind SID S-1-5-32-544
::      (the well-known Administrators group), adds a FullControl allow rule, renames the file
::      by appending .OLD, then re-applies the saved ACL to the renamed file.
::   4. Prints renamed/skipped/failed counts and clears both privileges again.
:: The rename is the "soft delete": nothing is erased, and the file keeps its content under
:: the .OLD name.
:: NOTE(review): $revert is never assigned in this command, so only the append-.OLD branch runs.
:: NOTE(review): the "not found" branch inside the loop calls exit 0, which ends the whole
:: PowerShell process and skips the summary and the RemovePrivilege calls; continue looks like
:: the intent - confirm upstream.
:: NOTE(review): AddPrivilege and RemovePrivilege overwrite retVal after OpenProcessToken and
:: LookupPrivilegeValue without checking it, and the token handle is not closed in the visible code.
:: NOTE(review): system file repair or servicing may put the original DLL back - confirm after updates.
:: NOTE(review): the command is wrapped over several lines in this listing; cmd.exe needs it on
:: a single line.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\SysWOW64\wscisvif.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\wscisvif.dll" with additional permissions 
:: What the command below does, in order:
::   1. Compiles a P/Invoke helper class (Privileges) with Add-Type and enables
::      SeRestorePrivilege and SeTakeOwnershipPrivilege on the current process token.
::   2. Resolves the System32 path with Get-Item; ItemNotFoundException is swallowed and an
::      empty result ends the command with "Skipping, no items available."
::   3. Per file: saves the current ACL, sets the owner to the account behind SID S-1-5-32-544
::      (the well-known Administrators group), adds a FullControl allow rule, renames the file
::      by appending .OLD, then re-applies the saved ACL to the renamed file.
::   4. Prints renamed/skipped/failed counts and clears both privileges again.
:: NOTE(review): if re-applying the saved ACL fails, only a warning is written, so the renamed
:: file can keep the Administrators owner and FullControl rule - check the output for
:: "Failed to restore access".
:: NOTE(review): the "not found" branch inside the loop calls exit 0, which ends the whole
:: PowerShell process and skips the summary and the RemovePrivilege calls; continue looks like
:: the intent - confirm upstream.
:: NOTE(review): $revert is never assigned in this command, so only the append-.OLD branch runs.
:: NOTE(review): the command is wrapped over several lines in this listing; cmd.exe needs it on
:: a single line.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\wscisvif.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{F2102C37-90C3-450C-B3F6-92BE1693BDF2} as TrustedInstaller
:: What the command below does:
::   - Invoke-AsTrustedInstaller writes the payload held in $cmd to a temporary .ps1 file,
::     registers a scheduled task named "privacy.sexy invoke", starts it with RunEx under the
::     account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 resolves
::     to, and polls LastTaskResult every 200 ms while it equals 267009, giving up after 5 minutes.
::   - The task output is redirected to a second temp file and printed with Get-Content; the
::     task and both temp files are removed in finally blocks.
::   - The payload (Rename-KeyTree) renames every value to "name.OLD", recurses into subkeys,
::     then renames the key itself to "key.OLD" by copying it, copying its ACL without the
::     owner section, and deleting the original.
:: NOTE(review): if Copy-Acl fails, only a warning is written and the original key is still
:: removed, so the .OLD copy can end up with different permissions than the source.
:: NOTE(review): the payload runs from a file in the temp directory with -ExecutionPolicy Bypass
:: under the TrustedInstaller identity; the ACL of that directory is what protects the file
:: between write and task start - confirm it is writable only by the elevated account.
:: NOTE(review): presumably the task registration, run and deletion show up in Task Scheduler
:: and audit logs when those are enabled; a short-lived task with this name is the trail for
:: this step.
:: NOTE(review): the command is wrapped over several lines in this listing; cmd.exe needs it on
:: a single line.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{F2102C37-90C3-450C-B3F6-92BE1693BDF2}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{F2102C37-90C3-450C-B3F6-92BE1693BDF2} as TrustedInstaller
:: What the command below does (WOW6432Node copy of the CLSID key):
::   - Invoke-AsTrustedInstaller writes the payload held in $cmd to a temporary .ps1 file,
::     registers a scheduled task named "privacy.sexy invoke", starts it with RunEx under the
::     account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 resolves
::     to, and polls LastTaskResult every 200 ms while it equals 267009, giving up after 5 minutes.
::   - A non-zero LastTaskResult is reported with Write-Error; a timeout only writes a warning
::     and breaks out of the wait loop.
::   - The payload (Rename-KeyTree) renames every value to "name.OLD", recurses into subkeys,
::     then renames the key itself to "key.OLD" by copying it, copying its ACL without the
::     owner section, and deleting the original. If the .OLD path already exists, further
::     .OLD suffixes are appended until the name is free.
:: NOTE(review): any existing task named "privacy.sexy invoke" is deleted before registration
:: and the new one is registered with -Force, so a leftover task from an interrupted run is
:: replaced rather than reused.
:: NOTE(review): if Copy-Acl fails, only a warning is written and the original key is still
:: removed, so the .OLD copy can end up with different permissions than the source.
:: NOTE(review): the command is wrapped over several lines in this listing; cmd.exe needs it on
:: a single line.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{F2102C37-90C3-450C-B3F6-92BE1693BDF2}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{D5F7E36B-5B38-445D-A50F-439B8FCBB87A} as TrustedInstaller
:: What this command does:
::   1. Defines Invoke-AsTrustedInstaller, which saves the script text held in $cmd to
::      a temporary .ps1 file, registers a scheduled task named "privacy.sexy invoke"
::      and starts it with RunEx under the account that service SID
::      S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to
::      (the TrustedInstaller service SID).
::   2. Polls the task every 200 ms while LastTaskResult is 267009 (0x41301, task still
::      running) and stops waiting after 5 minutes. A non-zero final result is reported
::      with Write-Error.
::   3. Prints the captured task output, then deletes the task and both temporary files
::      in finally blocks.
:: What the inner script does: "soft delete" is a rename, nothing is erased. Every value
:: under the key gets the suffix .OLD, subkeys are handled recursively, then the key
:: itself is copied to KEY.OLD (more .OLD appended while that name exists), its ACL
:: without the owner section is copied over, and the original key is removed.
:: Review notes:
::   - The .ps1 file runs with -ExecutionPolicy Bypass as TrustedInstaller and is read
::     from the temp directory of the invoking account, so the permissions on that
::     directory are part of the trust boundary of this step.
::   - A failed ACL copy is reported as a warning only; the .OLD key can then carry
::     different permissions than the original.
::   - Rename-KeyWithAcl is declared as a plain function, so the "-ErrorAction Stop"
::     passed to it is not bound as a common parameter; failures reach the caller's
::     catch through the throw statements inside it.
::   - This listing does not say what the CLSID registers. Confirm that before running;
::     rollback means removing the .OLD suffixes again.
::   - Task creation and deletion are recorded as Security events 4698 and 4699 when
::     auditing of other object access events is enabled.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{D5F7E36B-5B38-445D-A50F-439B8FCBB87A}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{D5F7E36B-5B38-445D-A50F-439B8FCBB87A} as TrustedInstaller
:: What this command does:
::   1. Defines Invoke-AsTrustedInstaller, which saves the script text held in $cmd to
::      a temporary .ps1 file, registers a scheduled task named "privacy.sexy invoke"
::      and starts it with RunEx under the account that service SID
::      S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to
::      (the TrustedInstaller service SID).
::   2. Polls the task every 200 ms while LastTaskResult is 267009 (0x41301, task still
::      running) and stops waiting after 5 minutes. A non-zero final result is reported
::      with Write-Error.
::   3. Prints the captured task output, then deletes the task and both temporary files
::      in finally blocks.
:: What the inner script does: "soft delete" is a rename, nothing is erased. Every value
:: under the WOW6432Node key gets the suffix .OLD, subkeys are handled recursively, then
:: the key itself is copied to KEY.OLD (more .OLD appended while that name exists), its
:: ACL without the owner section is copied over, and the original key is removed.
:: Review notes:
::   - The .ps1 file runs with -ExecutionPolicy Bypass as TrustedInstaller and is read
::     from the temp directory of the invoking account, so the permissions on that
::     directory are part of the trust boundary of this step.
::   - A failed ACL copy is reported as a warning only; the .OLD key can then carry
::     different permissions than the original.
::   - Rename-KeyWithAcl is declared as a plain function, so the "-ErrorAction Stop"
::     passed to it is not bound as a common parameter; failures reach the caller's
::     catch through the throw statements inside it.
::   - This listing does not say what the CLSID registers. Confirm that before running;
::     rollback means removing the .OLD suffixes again.
::   - Task creation and deletion are recorded as Security events 4698 and 4699 when
::     auditing of other object access events is enabled.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{D5F7E36B-5B38-445D-A50F-439B8FCBB87A}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\wscapi.dll" with additional permissions 
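:: What this command does: renames the matched file by appending .OLD instead of
:: deleting it.
::   1. Compiles a small C# class (Privileges) with Add-Type and uses it to enable
::      SeRestorePrivilege and SeTakeOwnershipPrivilege on the current process token;
::      both are disabled again at the end of the command.
::   2. For each match it saves the current ACL, makes the account behind SID
::      S-1-5-32-544 (built-in Administrators) the owner, adds a FullControl allow rule
::      for it, moves the file, then re-applies the saved ACL to the renamed file (or to
::      the original file if the move failed).
::   3. $revert is never assigned in this command, so the non-revert branch runs.
:: Review notes:
::   - wscapi.dll is the Windows Security Center API library. NOTE(review): callers of
::     that API are expected to fail while the file is renamed, and servicing may put
::     the file back. Verify on a test machine first.
::   - The results of AddPrivilege are piped to Out-Null, so a privilege that could not
::     be enabled only shows up later as a Set-Acl or Move-Item failure.
::   - If re-applying the saved ACL fails, only a warning is printed and the file keeps
::     Administrators as owner with full control.
::   - A file that is no longer present when its turn comes is counted as skipped and
::     the loop continues, so the summary and the privilege cleanup still run.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\wscapi.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"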
:: Soft delete files matching pattern: "%SYSTEMROOT%\SysWOW64\wscapi.dll" with additional permissions 
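:: What this command does: renames the matched file by appending .OLD instead of
:: deleting it. This is the SysWOW64 copy of the library.
::   1. Compiles a small C# class (Privileges) with Add-Type and uses it to enable
::      SeRestorePrivilege and SeTakeOwnershipPrivilege on the current process token;
::      both are disabled again at the end of the command.
::   2. For each match it saves the current ACL, makes the account behind SID
::      S-1-5-32-544 (built-in Administrators) the owner, adds a FullControl allow rule
::      for it, moves the file, then re-applies the saved ACL to the renamed file (or to
::      the original file if the move failed).
::   3. $revert is never assigned in this command, so the non-revert branch runs.
:: Review notes:
::   - wscapi.dll is the Windows Security Center API library. NOTE(review): callers of
::     that API are expected to fail while the file is renamed, and servicing may put
::     the file back. Verify on a test machine first.
::   - The results of AddPrivilege are piped to Out-Null, so a privilege that could not
::     be enabled only shows up later as a Set-Acl or Move-Item failure.
::   - If re-applying the saved ACL fails, only a warning is printed and the file keeps
::     Administrators as owner with full control.
::   - A file that is no longer present when its turn comes is counted as skipped and
::     the loop continues, so the summary and the privilege cleanup still run.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\SysWOW64\wscapi.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"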
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{2981a36e-f22d-11e5-9ce9-5e5517507c66} as TrustedInstaller
:: Soft-deletes HKLM\SOFTWARE\Classes\CLSID\{2981a36e-f22d-11e5-9ce9-5e5517507c66} (see $rawPath):
:: nothing is removed outright; values, subkeys and finally the key itself get a '.OLD' suffix.
:: A key rename is copy, then ACL copy, then delete of the original (Rename-KeyWithAcl). The ACL
:: is read with the Owner section masked out, and a failed ACL copy is only a warning, so the
:: '.OLD' key may carry different permissions than the original; check it before relying on it.
:: How it runs: $cmd is written to a temp file renamed to .ps1 and started with
:: -ExecutionPolicy Bypass by a scheduled task named 'privacy.sexy invoke', which RunEx launches
:: under the account that SID S-1-5-80-956008885-... translates to (NT SERVICE\TrustedInstaller).
:: Output goes to a second temp file and is printed afterwards; the task and both temp files are
:: removed in the finally blocks.
:: NOTE(review): the .ps1 is written by this elevated session but executed by the task principal;
:: presumably the temp directory is writable only by the elevated user. Confirm on shared hosts.
:: The wait loop polls LastTaskResult while it equals 267009 (0x41301, task still running) for up
:: to 5 minutes. On timeout the result is likely still non-zero, so an error is printed too, and
:: cleanup proceeds although the payload may not have finished.
:: Monitoring: expect a short-lived task registration, a powershell.exe child running a script
:: from the temp directory, and '.OLD' keys next to the target path; allow-list or alert on them.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{2981a36e-f22d-11e5-9ce9-5e5517507c66}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{2981a36e-f22d-11e5-9ce9-5e5517507c66} as TrustedInstaller
:: Soft delete here means rename, not removal: values, subkeys and finally the key named in
:: $rawPath (the WOW6432Node path) get a '.OLD' suffix. A key rename is copy, then ACL copy, then
:: delete of the original (Rename-KeyWithAcl). The ACL is read with the Owner section masked out,
:: and a failed ACL copy is only a warning, so the '.OLD' key may carry different permissions
:: than the original; check it before relying on it.
:: How it runs: $cmd is written to a temp file renamed to .ps1 and started with
:: -ExecutionPolicy Bypass by a scheduled task named 'privacy.sexy invoke', which RunEx launches
:: under the account that SID S-1-5-80-956008885-... translates to (NT SERVICE\TrustedInstaller).
:: Output goes to a second temp file and is printed afterwards; the task and both temp files are
:: removed in the finally blocks.
:: NOTE(review): the .ps1 is written by this elevated session but executed by the task principal;
:: presumably the temp directory is writable only by the elevated user. Confirm on shared hosts.
:: The wait loop polls LastTaskResult while it equals 267009 (0x41301, task still running) for up
:: to 5 minutes. On timeout the result is likely still non-zero, so an error is printed too, and
:: cleanup proceeds although the payload may not have finished.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{2981a36e-f22d-11e5-9ce9-5e5517507c66}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{17072F7B-9ABE-4A74-A261-1EB76B55107A} as TrustedInstaller
:: Soft delete here means rename, not removal: values, subkeys and finally the key named in
:: $rawPath get a '.OLD' suffix. A key rename is copy, then ACL copy, then delete of the original
:: (Rename-KeyWithAcl). The ACL is read with the Owner section masked out, and a failed ACL copy
:: is only a warning, so the '.OLD' key may carry different permissions than the original;
:: check it before relying on it.
:: How it runs: $cmd is written to a temp file renamed to .ps1 and started with
:: -ExecutionPolicy Bypass by a scheduled task named 'privacy.sexy invoke', which RunEx launches
:: under the account that SID S-1-5-80-956008885-... translates to (NT SERVICE\TrustedInstaller).
:: Output goes to a second temp file and is printed afterwards; the task and both temp files are
:: removed in the finally blocks.
:: NOTE(review): the .ps1 is written by this elevated session but executed by the task principal;
:: presumably the temp directory is writable only by the elevated user. Confirm on shared hosts.
:: The wait loop polls LastTaskResult while it equals 267009 (0x41301, task still running) for up
:: to 5 minutes. On timeout the result is likely still non-zero, so an error is printed too, and
:: cleanup proceeds although the payload may not have finished.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{17072F7B-9ABE-4A74-A261-1EB76B55107A}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{17072F7B-9ABE-4A74-A261-1EB76B55107A} as TrustedInstaller
:: Soft delete here means rename, not removal: values, subkeys and finally the key named in
:: $rawPath (the WOW6432Node path) get a '.OLD' suffix. A key rename is copy, then ACL copy, then
:: delete of the original (Rename-KeyWithAcl). The ACL is read with the Owner section masked out,
:: and a failed ACL copy is only a warning, so the '.OLD' key may carry different permissions
:: than the original; check it before relying on it.
:: How it runs: $cmd is written to a temp file renamed to .ps1 and started with
:: -ExecutionPolicy Bypass by a scheduled task named 'privacy.sexy invoke', which RunEx launches
:: under the account that SID S-1-5-80-956008885-... translates to (NT SERVICE\TrustedInstaller).
:: Output goes to a second temp file and is printed afterwards; the task and both temp files are
:: removed in the finally blocks.
:: NOTE(review): the .ps1 is written by this elevated session but executed by the task principal;
:: presumably the temp directory is writable only by the elevated user. Confirm on shared hosts.
:: The wait loop polls LastTaskResult while it equals 267009 (0x41301, task still running) for up
:: to 5 minutes. On timeout the result is likely still non-zero, so an error is printed too, and
:: cleanup proceeds although the payload may not have finished.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{17072F7B-9ABE-4A74-A261-1EB76B55107A}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\TypeLib\{B52A4496-7753-4F74-BE64-C2072E308122} as TrustedInstaller
:: Soft delete here means rename, not removal: values, subkeys and finally the TypeLib key named
:: in $rawPath get a '.OLD' suffix. A key rename is copy, then ACL copy, then delete of the
:: original (Rename-KeyWithAcl). The ACL is read with the Owner section masked out, and a failed
:: ACL copy is only a warning, so the '.OLD' key may carry different permissions than the
:: original; check it before relying on it.
:: How it runs: $cmd is written to a temp file renamed to .ps1 and started with
:: -ExecutionPolicy Bypass by a scheduled task named 'privacy.sexy invoke', which RunEx launches
:: under the account that SID S-1-5-80-956008885-... translates to (NT SERVICE\TrustedInstaller).
:: Output goes to a second temp file and is printed afterwards; the task and both temp files are
:: removed in the finally blocks.
:: NOTE(review): the .ps1 is written by this elevated session but executed by the task principal;
:: presumably the temp directory is writable only by the elevated user. Confirm on shared hosts.
:: The wait loop polls LastTaskResult while it equals 267009 (0x41301, task still running) for up
:: to 5 minutes. On timeout the result is likely still non-zero, so an error is printed too, and
:: cleanup proceeds although the payload may not have finished.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\TypeLib\{B52A4496-7753-4F74-BE64-C2072E308122}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
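:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{B52A4496-7753-4F74-BE64-C2072E308122} as TrustedInstaller
:: "Soft-delete" means rename, not removal: the values of each key, then its subkeys, then the key itself get the suffix ".OLD".
:: If a ".OLD" key already exists the suffix is appended again, so a key can end up as ".OLD.OLD".
:: To revert, strip the suffix from the key, its subkeys and its values; this presumably needs the same TrustedInstaller rights.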
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{B52A4496-7753-4F74-BE64-C2072E308122}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
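:: Soft-delete the registry key: HKLM\Software\Classes\wscAPI.WSCProductList as TrustedInstaller
:: NOTE: the ProgID name points at the Windows Security Center API, wscapi. Software that enumerates installed
:: security products through this COM class will presumably stop working once the key is renamed.
:: Confirm that this is intended before running the script on a managed endpoint.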
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\wscAPI.WSCProductList'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if 
(-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            
Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
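:: Soft-delete the registry key: HKLM\Software\Classes\wscAPI.WSCProductList.1 as TrustedInstaller
:: How it runs: the PowerShell body is written to a temporary .ps1 file and started by a scheduled task named
:: "privacy.sexy invoke" under the TrustedInstaller service SID, with -ExecutionPolicy Bypass.
:: The task and both temporary files are removed afterwards, so monitoring will show a short-lived task
:: registration and deletion plus powershell.exe running as TrustedInstaller; expect alerts where such events are audited.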
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\wscAPI.WSCProductList.1'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if 
(-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            
Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
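:: Soft-delete the registry key: HKLM\Software\Classes\wscAPI.WSCDefaultProduct as TrustedInstaller
:: Caveat: the key rename is implemented as copy, then ACL copy, then delete of the original.
:: A failed ACL copy is only reported as the warning "Failed to copy ACL" and the original is still deleted,
:: so the ".OLD" key can be left with different permissions than the original. The owner is never copied.
:: Check the output for that warning and review the permissions on the renamed key if it appears.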
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\wscAPI.WSCDefaultProduct'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    
if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            
Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
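:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{7E66DBEF-2474-4E82-919B-9A855F4C2FE8} as TrustedInstaller
:: The elevated task is polled for up to 5 minutes. If "Skipping: Timeout" is printed, the outcome is unknown:
:: re-check the state of the key instead of assuming it was renamed.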
:: What this command does:
::   Soft-deletes the registry key held in $rawPath, HKLM\SOFTWARE\Classes\CLSID\{7E66DBEF-2474-4E82-919B-9A855F4C2FE8}, by renaming it with a ".OLD" suffix.
::   The payload in $cmd is written to a file from New-TemporaryFile (renamed to .ps1) and run by a scheduled task named "privacy.sexy invoke".
::   The task is started through the Schedule.Service COM object as the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
::   translates to (the well-known SID of NT SERVICE\TrustedInstaller).
::   The launcher polls every 200 ms while LastTaskResult is 267009, gives up after 5 minutes, deletes the task, prints the captured output and removes both temp files.
:: Payload steps: each value under the key is renamed to NAME.OLD, subkeys are processed recursively, then the key is copied to PATH.OLD
::   (further suffixes are appended while that name exists), its security descriptor is copied without the owner section, and the original key is removed.
:: NOTE(review): the payload file is created by New-TemporaryFile and executed later under the TrustedInstaller account. This command sets no ACL on it
::   and does not re-check its content, so its integrity rests on the temp folder permissions - confirm that folder is not writable by lower-privileged processes.
:: NOTE(review): a failed ACL copy is only a warning, after which the original key is still removed; the .OLD key can then carry different permissions than the original.
:: NOTE(review): on timeout the loop breaks with LastTaskResult still 267009, so the following check reports "Failed, due to exit code: 267009".
::   Whether deleting the task stops a payload that is still running is not visible here - verify.
:: For monitoring: the task name above, powershell.exe started with -ExecutionPolicy Bypass -File on a temp .ps1 by that task, and keys or values ending in ".OLD" are the traces this command leaves.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{7E66DBEF-2474-4E82-919B-9A855F4C2FE8}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{7E66DBEF-2474-4E82-919B-9A855F4C2FE8} as TrustedInstaller
:: What this command does:
::   Soft-deletes the registry key held in $rawPath, HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{7E66DBEF-2474-4E82-919B-9A855F4C2FE8}, by renaming it with a ".OLD" suffix.
::   The payload in $cmd is written to a file from New-TemporaryFile (renamed to .ps1) and run by a scheduled task named "privacy.sexy invoke".
::   The task is started through the Schedule.Service COM object as the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
::   translates to (the well-known SID of NT SERVICE\TrustedInstaller).
::   The launcher polls every 200 ms while LastTaskResult is 267009, gives up after 5 minutes, deletes the task, prints the captured output and removes both temp files.
:: Payload steps: each value under the key is renamed to NAME.OLD, subkeys are processed recursively, then the key is copied to PATH.OLD
::   (further suffixes are appended while that name exists), its security descriptor is copied without the owner section, and the original key is removed.
:: NOTE(review): the payload file is created by New-TemporaryFile and executed later under the TrustedInstaller account. This command sets no ACL on it
::   and does not re-check its content, so its integrity rests on the temp folder permissions - confirm that folder is not writable by lower-privileged processes.
:: NOTE(review): a failed ACL copy is only a warning, after which the original key is still removed; the .OLD key can then carry different permissions than the original.
:: NOTE(review): on timeout the loop breaks with LastTaskResult still 267009, so the following check reports "Failed, due to exit code: 267009".
::   Whether deleting the task stops a payload that is still running is not visible here - verify.
:: For monitoring: the task name above, powershell.exe started with -ExecutionPolicy Bypass -File on a temp .ps1 by that task, and keys or values ending in ".OLD" are the traces this command leaves.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{7E66DBEF-2474-4E82-919B-9A855F4C2FE8}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\wscproxystub.dll" with additional permissions 
:: What this command does:
::   Soft-deletes the file(s) matching wscproxystub.dll in the System32 folder under SYSTEMROOT by renaming each match to NAME.OLD.
::   It compiles a small C# helper (class Privileges) with Add-Type and uses it to enable SeRestorePrivilege and SeTakeOwnershipPrivilege on the current process token.
::   For each match it saves the ACL, sets the owner to the account behind S-1-5-32-544 (the well-known SID of BUILTIN\Administrators) and grants it FullControl,
::   moves the file, then writes the saved ACL back onto the moved file (or onto the original file if the move failed). Both privileges are switched off at the end.
:: $revert is never assigned in this command, so the "-eq $true" tests are false and only the rename-to-.OLD direction runs (assuming nothing else in the session defines it).
:: NOTE(review): "exit 0" inside the foreach (file-not-found branch) ends the whole PowerShell command with success, so remaining matches, the summary
::   and the RemovePrivilege calls are skipped. "continue" looks like the intent - confirm.
:: NOTE(review): AddPrivilege and RemovePrivilege overwrite the results of OpenProcessToken and LookupPrivilegeValue and return only the AdjustTokenPrivileges result,
::   which the callers discard with Out-Null; a privilege that could not be enabled is therefore not reported. No call that closes the token handle is visible either.
:: NOTE(review): if granting access fails the move is still attempted, and if restoring the saved ACL fails only a warning is printed,
::   so the file can be left owned by Administrators with an extra FullControl entry.
:: NOTE(review): wscproxystub.dll is presumably a Windows Security Center component (wsc prefix) - confirm before relying on that.
:: For monitoring: an owner and DACL change on a System32 file followed by a rename to a name ending in ".OLD", and Add-Type P/Invoke of AdjustTokenPrivileges from powershell.exe, are the traces this command leaves.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\wscproxystub.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\SysWOW64\wscproxystub.dll" with additional permissions 
:: What this command does:
::   Soft-deletes the file(s) matching wscproxystub.dll in the SysWOW64 folder under SYSTEMROOT by renaming each match to NAME.OLD.
::   It compiles a small C# helper (class Privileges) with Add-Type and uses it to enable SeRestorePrivilege and SeTakeOwnershipPrivilege on the current process token.
::   For each match it saves the ACL, sets the owner to the account behind S-1-5-32-544 (the well-known SID of BUILTIN\Administrators) and grants it FullControl,
::   moves the file, then writes the saved ACL back onto the moved file (or onto the original file if the move failed). Both privileges are switched off at the end.
:: $revert is never assigned in this command, so the "-eq $true" tests are false and only the rename-to-.OLD direction runs (assuming nothing else in the session defines it).
:: NOTE(review): "exit 0" inside the foreach (file-not-found branch) ends the whole PowerShell command with success, so remaining matches, the summary
::   and the RemovePrivilege calls are skipped. "continue" looks like the intent - confirm.
:: NOTE(review): AddPrivilege and RemovePrivilege overwrite the results of OpenProcessToken and LookupPrivilegeValue and return only the AdjustTokenPrivileges result,
::   which the callers discard with Out-Null; a privilege that could not be enabled is therefore not reported. No call that closes the token handle is visible either.
:: NOTE(review): if granting access fails the move is still attempted, and if restoring the saved ACL fails only a warning is printed,
::   so the file can be left owned by Administrators with an extra FullControl entry.
:: NOTE(review): wscproxystub.dll is presumably a Windows Security Center component (wsc prefix) - confirm before relying on that.
:: For monitoring: an owner and DACL change on a SysWOW64 file followed by a rename to a name ending in ".OLD", and Add-Type P/Invoke of AdjustTokenPrivileges from powershell.exe, are the traces this command leaves.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\SysWOW64\wscproxystub.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{8C38232E-3A45-4A27-92B0-1A16A975F669} as TrustedInstaller
:: What this command does:
::   Soft-deletes the registry key held in $rawPath, HKLM\SOFTWARE\Classes\CLSID\{8C38232E-3A45-4A27-92B0-1A16A975F669}, by renaming it with a ".OLD" suffix.
::   The payload in $cmd is written to a file from New-TemporaryFile (renamed to .ps1) and run by a scheduled task named "privacy.sexy invoke".
::   The task is started through the Schedule.Service COM object as the account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
::   translates to (the well-known SID of NT SERVICE\TrustedInstaller).
::   The launcher polls every 200 ms while LastTaskResult is 267009, gives up after 5 minutes, deletes the task, prints the captured output and removes both temp files.
:: Payload steps: each value under the key is renamed to NAME.OLD, subkeys are processed recursively, then the key is copied to PATH.OLD
::   (further suffixes are appended while that name exists), its security descriptor is copied without the owner section, and the original key is removed.
:: NOTE(review): the payload file is created by New-TemporaryFile and executed later under the TrustedInstaller account. This command sets no ACL on it
::   and does not re-check its content, so its integrity rests on the temp folder permissions - confirm that folder is not writable by lower-privileged processes.
:: NOTE(review): a failed ACL copy is only a warning, after which the original key is still removed; the .OLD key can then carry different permissions than the original.
:: NOTE(review): on timeout the loop breaks with LastTaskResult still 267009, so the following check reports "Failed, due to exit code: 267009".
::   Whether deleting the task stops a payload that is still running is not visible here - verify.
:: For monitoring: the task name above, powershell.exe started with -ExecutionPolicy Bypass -File on a temp .ps1 by that task, and keys or values ending in ".OLD" are the traces this command leaves.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{8C38232E-3A45-4A27-92B0-1A16A975F669}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{8C38232E-3A45-4A27-92B0-1A16A975F669} as TrustedInstaller
:: How this command works (one self-contained PowerShell invocation):
::   1. Invoke-AsTrustedInstaller writes the script text in $cmd to a temporary .ps1 file, registers a
::      scheduled task named "privacy.sexy invoke" whose action is powershell.exe -ExecutionPolicy Bypass,
::      and starts it through the Schedule.Service COM object under the account that the SID
::      S-1-5-80-956008885-... translates to (the TrustedInstaller service SID).
::   2. It polls LastTaskResult every 200 ms while the value is 267009 (task still running), for at most
::      5 minutes, then deletes the task, prints the captured output and removes both temp files.
::   3. The staged script appends ".OLD" to every value name under the key, recurses into subkeys, then
::      renames the key itself (copy to the new path, copy the ACL without the Owner section, remove
::      the original). Counters for renamed, skipped and failed items are printed at the end.
:: NOTE(review): a failed ACL copy only produces a warning, so the renamed key can end up with
::   different permissions than the original; check the ACL on the .OLD key after the run.
:: NOTE(review): on timeout the polling loop breaks and the task and temp script are deleted while the
::   task may still be running; the non-zero LastTaskResult is then reported as a failure.
:: NOTE(review): monitoring that alerts on scheduled-task creation or on PowerShell running as
::   TrustedInstaller will presumably fire here; confirm and document the expected alert.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{8C38232E-3A45-4A27-92B0-1A16A975F669}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{8C38232E-3A45-4A27-92B0-1A16A975F669} as TrustedInstaller
:: How this command works (one self-contained PowerShell invocation):
::   1. Invoke-AsTrustedInstaller writes the script text in $cmd to a temporary .ps1 file, registers a
::      scheduled task named "privacy.sexy invoke" whose action is powershell.exe -ExecutionPolicy Bypass,
::      and starts it through the Schedule.Service COM object under the account that the SID
::      S-1-5-80-956008885-... translates to (the TrustedInstaller service SID).
::   2. It polls LastTaskResult every 200 ms while the value is 267009 (task still running), for at most
::      5 minutes, then deletes the task, prints the captured output and removes both temp files.
::   3. The staged script appends ".OLD" to every value name under the key, recurses into subkeys, then
::      renames the key itself (copy to the new path, copy the ACL without the Owner section, remove
::      the original). Counters for renamed, skipped and failed items are printed at the end.
:: NOTE(review): a failed ACL copy only produces a warning, so the renamed key can end up with
::   different permissions than the original; check the ACL on the .OLD key after the run.
:: NOTE(review): on timeout the polling loop breaks and the task and temp script are deleted while the
::   task may still be running; the non-zero LastTaskResult is then reported as a failure.
:: NOTE(review): monitoring that alerts on scheduled-task creation or on PowerShell running as
::   TrustedInstaller will presumably fire here; confirm and document the expected alert.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{8C38232E-3A45-4A27-92B0-1A16A975F669}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{8C38232E-3A45-4A27-92B0-1A16A975F669} as TrustedInstaller
:: How this command works (one self-contained PowerShell invocation):
::   1. Invoke-AsTrustedInstaller writes the script text in $cmd to a temporary .ps1 file, registers a
::      scheduled task named "privacy.sexy invoke" whose action is powershell.exe -ExecutionPolicy Bypass,
::      and starts it through the Schedule.Service COM object under the account that the SID
::      S-1-5-80-956008885-... translates to (the TrustedInstaller service SID).
::   2. It polls LastTaskResult every 200 ms while the value is 267009 (task still running), for at most
::      5 minutes, then deletes the task, prints the captured output and removes both temp files.
::   3. The staged script appends ".OLD" to every value name under the key, recurses into subkeys, then
::      renames the key itself (copy to the new path, copy the ACL without the Owner section, remove
::      the original). Counters for renamed, skipped and failed items are printed at the end.
:: NOTE(review): a failed ACL copy only produces a warning, so the renamed key can end up with
::   different permissions than the original; check the ACL on the .OLD key after the run.
:: NOTE(review): on timeout the polling loop breaks and the task and temp script are deleted while the
::   task may still be running; the non-zero LastTaskResult is then reported as a failure.
:: NOTE(review): monitoring that alerts on scheduled-task creation or on PowerShell running as
::   TrustedInstaller will presumably fire here; confirm and document the expected alert.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{8C38232E-3A45-4A27-92B0-1A16A975F669}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{F896CA54-FE09-4403-86D4-23CB488D81D8} as TrustedInstaller
:: How this command works (one self-contained PowerShell invocation):
::   1. Invoke-AsTrustedInstaller writes the script text in $cmd to a temporary .ps1 file, registers a
::      scheduled task named "privacy.sexy invoke" whose action is powershell.exe -ExecutionPolicy Bypass,
::      and starts it through the Schedule.Service COM object under the account that the SID
::      S-1-5-80-956008885-... translates to (the TrustedInstaller service SID).
::   2. It polls LastTaskResult every 200 ms while the value is 267009 (task still running), for at most
::      5 minutes, then deletes the task, prints the captured output and removes both temp files.
::   3. The staged script appends ".OLD" to every value name under the key, recurses into subkeys, then
::      renames the key itself (copy to the new path, copy the ACL without the Owner section, remove
::      the original). Counters for renamed, skipped and failed items are printed at the end.
:: NOTE(review): a failed ACL copy only produces a warning, so the renamed key can end up with
::   different permissions than the original; check the ACL on the .OLD key after the run.
:: NOTE(review): on timeout the polling loop breaks and the task and temp script are deleted while the
::   task may still be running; the non-zero LastTaskResult is then reported as a failure.
:: NOTE(review): monitoring that alerts on scheduled-task creation or on PowerShell running as
::   TrustedInstaller will presumably fire here; confirm and document the expected alert.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{F896CA54-FE09-4403-86D4-23CB488D81D8}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{F896CA54-FE09-4403-86D4-23CB488D81D8} as TrustedInstaller
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{F896CA54-FE09-4403-86D4-23CB488D81D8}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{55536524-D1D1-4726-8C7C-04996A1904E7} as TrustedInstaller
:: How the command below works, read from its own text:
:: - Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a
::   scheduled task named "privacy.sexy invoke" and starts it with RunEx under the account
::   that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 resolves to,
::   so the payload runs as TrustedInstaller instead of the administrator who launched it.
:: - The task starts a nested powershell.exe with -ExecutionPolicy Bypass; its output goes
::   to a second temporary file and is printed with Get-Content. The finally blocks delete
::   the task and both temporary files. For audit: the task name and that nested command
::   line are what Task Scheduler and process-creation logs would show for this step,
::   when such logging is enabled.
:: - The wait loop polls LastTaskResult while it is 267009 - presumably SCHED_S_TASK_RUNNING,
::   0x41301 - for at most 5 minutes. NOTE(review): after a timeout the code still falls
::   through to the result check and the cleanup, so the task and the script file are
::   deleted although the payload may not have finished.
:: - Payload: Rename-KeyTree appends .OLD to each value name and then to the key, subkeys
::   first. A key is renamed by Copy-Item, then Copy-Acl with every section except Owner,
::   then Remove-Item on the original; if that removal fails the copy is removed again.
:: - NOTE(review): a Copy-Acl failure is only a warning and the original key is still
::   removed, so the .OLD copy may carry a different ACL than the key it replaces. Compare
::   the ACLs before treating the backup as restorable.
:: - NOTE(review): Get-Acl and Set-Acl use -Path while the other calls use -LiteralPath,
::   so a subkey name containing wildcard characters would be read as a pattern.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{55536524-D1D1-4726-8C7C-04996A1904E7}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{55536524-D1D1-4726-8C7C-04996A1904E7} as TrustedInstaller
:: How the command below works, read from its own text:
:: - Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a
::   scheduled task named "privacy.sexy invoke" and starts it with RunEx under the account
::   that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 resolves to,
::   so the payload runs as TrustedInstaller instead of the administrator who launched it.
:: - The task starts a nested powershell.exe with -ExecutionPolicy Bypass; its output goes
::   to a second temporary file and is printed with Get-Content. The finally blocks delete
::   the task and both temporary files. For audit: the task name and that nested command
::   line are what Task Scheduler and process-creation logs would show for this step,
::   when such logging is enabled.
:: - The wait loop polls LastTaskResult while it is 267009 - presumably SCHED_S_TASK_RUNNING,
::   0x41301 - for at most 5 minutes. NOTE(review): after a timeout the code still falls
::   through to the result check and the cleanup, so the task and the script file are
::   deleted although the payload may not have finished.
:: - Payload: Rename-KeyTree appends .OLD to each value name and then to the key, subkeys
::   first. A key is renamed by Copy-Item, then Copy-Acl with every section except Owner,
::   then Remove-Item on the original; if that removal fails the copy is removed again.
:: - NOTE(review): a Copy-Acl failure is only a warning and the original key is still
::   removed, so the .OLD copy may carry a different ACL than the key it replaces. Compare
::   the ACLs before treating the backup as restorable.
:: - NOTE(review): Get-Acl and Set-Acl use -Path while the other calls use -LiteralPath,
::   so a subkey name containing wildcard characters would be read as a pattern.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{55536524-D1D1-4726-8C7C-04996A1904E7}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{722A338C-6E8E-4E72-AC27-1417FB0C81C2} as TrustedInstaller
:: How the command below works, read from its own text:
:: - Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a
::   scheduled task named "privacy.sexy invoke" and starts it with RunEx under the account
::   that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 resolves to,
::   so the payload runs as TrustedInstaller instead of the administrator who launched it.
:: - The task starts a nested powershell.exe with -ExecutionPolicy Bypass; its output goes
::   to a second temporary file and is printed with Get-Content. The finally blocks delete
::   the task and both temporary files. For audit: the task name and that nested command
::   line are what Task Scheduler and process-creation logs would show for this step,
::   when such logging is enabled.
:: - The wait loop polls LastTaskResult while it is 267009 - presumably SCHED_S_TASK_RUNNING,
::   0x41301 - for at most 5 minutes. NOTE(review): after a timeout the code still falls
::   through to the result check and the cleanup, so the task and the script file are
::   deleted although the payload may not have finished.
:: - Payload: Rename-KeyTree appends .OLD to each value name and then to the key, subkeys
::   first. A key is renamed by Copy-Item, then Copy-Acl with every section except Owner,
::   then Remove-Item on the original; if that removal fails the copy is removed again.
:: - NOTE(review): a Copy-Acl failure is only a warning and the original key is still
::   removed, so the .OLD copy may carry a different ACL than the key it replaces. Compare
::   the ACLs before treating the backup as restorable.
:: - NOTE(review): Get-Acl and Set-Acl use -Path while the other calls use -LiteralPath,
::   so a subkey name containing wildcard characters would be read as a pattern.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{722A338C-6E8E-4E72-AC27-1417FB0C81C2}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{722A338C-6E8E-4E72-AC27-1417FB0C81C2} as TrustedInstaller
:: How the command below works, read from its own text:
:: - Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a
::   scheduled task named "privacy.sexy invoke" and starts it with RunEx under the account
::   that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 resolves to,
::   so the payload runs as TrustedInstaller instead of the administrator who launched it.
:: - The task starts a nested powershell.exe with -ExecutionPolicy Bypass; its output goes
::   to a second temporary file and is printed with Get-Content. The finally blocks delete
::   the task and both temporary files. For audit: the task name and that nested command
::   line are what Task Scheduler and process-creation logs would show for this step,
::   when such logging is enabled.
:: - The wait loop polls LastTaskResult while it is 267009 - presumably SCHED_S_TASK_RUNNING,
::   0x41301 - for at most 5 minutes. NOTE(review): after a timeout the code still falls
::   through to the result check and the cleanup, so the task and the script file are
::   deleted although the payload may not have finished.
:: - Payload: Rename-KeyTree appends .OLD to each value name and then to the key, subkeys
::   first. A key is renamed by Copy-Item, then Copy-Acl with every section except Owner,
::   then Remove-Item on the original; if that removal fails the copy is removed again.
:: - NOTE(review): a Copy-Acl failure is only a warning and the original key is still
::   removed, so the .OLD copy may carry a different ACL than the key it replaces. Compare
::   the ACLs before treating the backup as restorable.
:: - NOTE(review): Get-Acl and Set-Acl use -Path while the other calls use -LiteralPath,
::   so a subkey name containing wildcard characters would be read as a pattern.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{722A338C-6E8E-4E72-AC27-1417FB0C81C2}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{0476d69c-f21a-11e5-9ce9-5e5517507c66} as TrustedInstaller
:: Runs the embedded PowerShell payload as TrustedInstaller through a temporary scheduled task.
:: Wrapper (Invoke-AsTrustedInstaller): writes the payload to a temporary .ps1 file, registers
:: the task "privacy.sexy invoke", starts it with RunEx under the account resolved from the
:: S-1-5-80-... service SID, and polls LastTaskResult while it is 267009 (0x41301, task still
:: running) for at most 5 minutes. Output is read back from a second temporary file; the task
:: and both files are removed in finally blocks.
:: Payload (Rename-KeyTree): recursively renames each value, then each key, by appending .OLD;
:: items already ending in .OLD are skipped. A key rename is copy, ACL copy (every section
:: except Owner), then removal of the original; if removal fails the copy is deleted again.
:: NOTE(review): the .ps1 is executed with -ExecutionPolicy Bypass by the TrustedInstaller
:: task, so the temp directory is assumed to be writable only by the elevated user - confirm.
:: NOTE(review): a failed ACL copy is only a warning, so the .OLD key can end up with
:: permissions that differ from the original - check its ACL after the run if that matters.
:: NOTE(review): the task name is fixed, so two runs at the same time would presumably delete
:: each other's task - run one instance at a time.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{0476d69c-f21a-11e5-9ce9-5e5517507c66}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{0476d69c-f21a-11e5-9ce9-5e5517507c66} as TrustedInstaller
:: Runs the embedded PowerShell payload as TrustedInstaller through a temporary scheduled task.
:: Wrapper (Invoke-AsTrustedInstaller): writes the payload to a temporary .ps1 file, registers
:: the task "privacy.sexy invoke", starts it with RunEx under the account resolved from the
:: S-1-5-80-... service SID, and polls LastTaskResult while it is 267009 (0x41301, task still
:: running) for at most 5 minutes. Output is read back from a second temporary file; the task
:: and both files are removed in finally blocks.
:: Payload (Rename-KeyTree): recursively renames each value, then each key, by appending .OLD;
:: items already ending in .OLD are skipped. A key rename is copy, ACL copy (every section
:: except Owner), then removal of the original; if removal fails the copy is deleted again.
:: NOTE(review): the .ps1 is executed with -ExecutionPolicy Bypass by the TrustedInstaller
:: task, so the temp directory is assumed to be writable only by the elevated user - confirm.
:: NOTE(review): a failed ACL copy is only a warning, so the .OLD key can end up with
:: permissions that differ from the original - check its ACL after the run if that matters.
:: NOTE(review): the task name is fixed, so two runs at the same time would presumably delete
:: each other's task - run one instance at a time.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{0476d69c-f21a-11e5-9ce9-5e5517507c66}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{A61406C1-997B-4a4b-B622-AA7DACA6D575} as TrustedInstaller
:: Runs the embedded PowerShell payload as TrustedInstaller through a temporary scheduled task.
:: Wrapper (Invoke-AsTrustedInstaller): writes the payload to a temporary .ps1 file, registers
:: the task "privacy.sexy invoke", starts it with RunEx under the account resolved from the
:: S-1-5-80-... service SID, and polls LastTaskResult while it is 267009 (0x41301, task still
:: running) for at most 5 minutes. Output is read back from a second temporary file; the task
:: and both files are removed in finally blocks.
:: Payload (Rename-KeyTree): recursively renames each value, then each key, by appending .OLD;
:: items already ending in .OLD are skipped. A key rename is copy, ACL copy (every section
:: except Owner), then removal of the original; if removal fails the copy is deleted again.
:: NOTE(review): the .ps1 is executed with -ExecutionPolicy Bypass by the TrustedInstaller
:: task, so the temp directory is assumed to be writable only by the elevated user - confirm.
:: NOTE(review): a failed ACL copy is only a warning, so the .OLD key can end up with
:: permissions that differ from the original - check its ACL after the run if that matters.
:: NOTE(review): the task name is fixed, so two runs at the same time would presumably delete
:: each other's task - run one instance at a time.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{A61406C1-997B-4a4b-B622-AA7DACA6D575}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{A61406C1-997B-4a4b-B622-AA7DACA6D575} as TrustedInstaller
:: Runs the embedded PowerShell payload as TrustedInstaller through a temporary scheduled task.
:: Wrapper (Invoke-AsTrustedInstaller): writes the payload to a temporary .ps1 file, registers
:: the task "privacy.sexy invoke", starts it with RunEx under the account resolved from the
:: S-1-5-80-... service SID, and polls LastTaskResult while it is 267009 (0x41301, task still
:: running) for at most 5 minutes. Output is read back from a second temporary file; the task
:: and both files are removed in finally blocks.
:: Payload (Rename-KeyTree): recursively renames each value, then each key, by appending .OLD;
:: items already ending in .OLD are skipped. A key rename is copy, ACL copy (every section
:: except Owner), then removal of the original; if removal fails the copy is deleted again.
:: NOTE(review): the .ps1 is executed with -ExecutionPolicy Bypass by the TrustedInstaller
:: task, so the temp directory is assumed to be writable only by the elevated user - confirm.
:: NOTE(review): a failed ACL copy is only a warning, so the .OLD key can end up with
:: permissions that differ from the original - check its ACL after the run if that matters.
:: NOTE(review): the task name is fixed, so two runs at the same time would presumably delete
:: each other's task - run one instance at a time.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{A61406C1-997B-4a4b-B622-AA7DACA6D575}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{3901A765-AB91-4ba9-A553-5B8538DEB840} as TrustedInstaller
:: Soft-deletes HKLM\SOFTWARE\Classes\Interface\{3901A765-AB91-4ba9-A553-5B8538DEB840} as TrustedInstaller.
:: "Soft-delete" means rename, not removal: the payload built in $cmd appends ".OLD" to every value name,
:: recurses into subkeys, then renames each key by copying it, copying its ACL (all sections except Owner)
:: and removing the original. It counts renamed, skipped and failed items and throws only if every item failed.
:: Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers the scheduled task
:: "privacy.sexy invoke", starts it through Schedule.Service RunEx under the account resolved from the
:: hard-coded service SID, polls LastTaskResult for up to 5 minutes while it reads 267009 (0x41301, the Task
:: Scheduler "task is currently running" status), prints the captured output, and deletes the task and both
:: temporary files in its finally blocks.
:: NOTE(review): the payload file is created by New-TemporaryFile and later executed as TrustedInstaller with
:: -ExecutionPolicy Bypass. Confirm that the temp directory is writable only by administrators, because
:: whoever can modify that file before the task starts controls what runs at that privilege.
:: NOTE(review): the temp paths are embedded between single quotes in the task command line; a path that
:: contains a single quote would presumably break it - confirm.
:: NOTE(review): a failed ACL copy is only a warning and the original key is still removed afterwards, so the
:: ".OLD" key may end up with different permissions than the original - verify after running.
:: NOTE(review): on timeout the loop only warns and breaks; whether deleting the task also stops the payload
:: is not visible here - confirm.
:: NOTE(review): this command appears wrapped across several physical lines by the page; a .bat file
:: presumably needs it on a single line - confirm against the raw paste.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{3901A765-AB91-4ba9-A553-5B8538DEB840}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
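:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{3901A765-AB91-4ba9-A553-5B8538DEB840} as TrustedInstaller
:: "Soft-delete" here means rename, not removal: every value and key in the tree gets a ".OLD" suffix, so the data stays in the registry under the new names.
:: The rename runs under the TrustedInstaller account through a temporary scheduled task that is deleted afterwards.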
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{3901A765-AB91-4ba9-A553-5B8538DEB840}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
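:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{206D9C96-ACDF-484B-833E-DEB914565E44} as TrustedInstaller
:: "Soft-delete" here means rename, not removal: every value and key in the tree gets a ".OLD" suffix, so the data stays in the registry under the new names.
:: The rename runs under the TrustedInstaller account through a temporary scheduled task that is deleted afterwards.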
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{206D9C96-ACDF-484B-833E-DEB914565E44}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
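:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{206D9C96-ACDF-484B-833E-DEB914565E44} as TrustedInstaller
:: "Soft-delete" here means rename, not removal: every value and key in the tree gets a ".OLD" suffix, so the data stays in the registry under the new names.
:: The rename runs under the TrustedInstaller account through a temporary scheduled task that is deleted afterwards.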
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{206D9C96-ACDF-484B-833E-DEB914565E44}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
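:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{CF007CA2-F5E3-11E5-9CE9-5E5517507C66} as TrustedInstaller
:: "Soft-delete" here means rename, not removal: every value and key in the tree gets a ".OLD" suffix, so the data stays in the registry under the new names.
:: The rename runs under the TrustedInstaller account through a temporary scheduled task that is deleted afterwards.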
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{CF007CA2-F5E3-11E5-9CE9-5E5517507C66}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{CF007CA2-F5E3-11E5-9CE9-5E5517507C66} as TrustedInstaller
:: Runs a generated PowerShell payload as TrustedInstaller to soft-delete one registry key.
:: Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a scheduled
:: task (name assembled at runtime, reads "privacy.sexy invoke"), starts it through the
:: Schedule.Service COM object under the account the hard-coded SID translates to, and polls
:: LastTaskResult every 200 ms while it is 267009 (0x41301, task currently running), for up to
:: 5 minutes. The task is deleted and both temp files are removed in finally blocks; the
:: payload's output is read back from the stream file.
:: Payload: Rename-KeyTree appends ".OLD" to every value name, recurses into subkeys, then renames
:: the key itself by copying it to KEY.OLD, copying the ACL without the Owner section and removing
:: the original; if removal fails the copy is removed again and an error is thrown.
:: NOTE(review): a failed ACL copy is only a warning, so the .OLD key can end up with an ACL that
:: differs from the original; check the output before relying on the backup.
:: NOTE(review): the payload file comes from New-TemporaryFile and is later executed with
:: -ExecutionPolicy Bypass as TrustedInstaller; confirm the temp directory is writable only by
:: trusted accounts.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{CF007CA2-F5E3-11E5-9CE9-5E5517507C66}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{4DCBAFAC-29BA-46B1-80FC-B8BDE3C0AE4D} as TrustedInstaller
:: Runs a generated PowerShell payload as TrustedInstaller to soft-delete one registry key.
:: Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a scheduled
:: task (name assembled at runtime, reads "privacy.sexy invoke"), starts it through the
:: Schedule.Service COM object under the account the hard-coded SID translates to, and polls
:: LastTaskResult every 200 ms while it is 267009 (0x41301, task currently running), for up to
:: 5 minutes. The task is deleted and both temp files are removed in finally blocks; the
:: payload's output is read back from the stream file.
:: Payload: Rename-KeyTree appends ".OLD" to every value name, recurses into subkeys, then renames
:: the key itself by copying it to KEY.OLD, copying the ACL without the Owner section and removing
:: the original; if removal fails the copy is removed again and an error is thrown.
:: NOTE(review): a failed ACL copy is only a warning, so the .OLD key can end up with an ACL that
:: differs from the original; check the output before relying on the backup.
:: NOTE(review): the payload file comes from New-TemporaryFile and is later executed with
:: -ExecutionPolicy Bypass as TrustedInstaller; confirm the temp directory is writable only by
:: trusted accounts.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{4DCBAFAC-29BA-46B1-80FC-B8BDE3C0AE4D}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{4DCBAFAC-29BA-46B1-80FC-B8BDE3C0AE4D} as TrustedInstaller
:: Runs a generated PowerShell payload as TrustedInstaller to soft-delete one registry key.
:: Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a scheduled
:: task (name assembled at runtime, reads "privacy.sexy invoke"), starts it through the
:: Schedule.Service COM object under the account the hard-coded SID translates to, and polls
:: LastTaskResult every 200 ms while it is 267009 (0x41301, task currently running), for up to
:: 5 minutes. The task is deleted and both temp files are removed in finally blocks; the
:: payload's output is read back from the stream file.
:: Payload: Rename-KeyTree appends ".OLD" to every value name, recurses into subkeys, then renames
:: the key itself by copying it to KEY.OLD, copying the ACL without the Owner section and removing
:: the original; if removal fails the copy is removed again and an error is thrown.
:: NOTE(review): a failed ACL copy is only a warning, so the .OLD key can end up with an ACL that
:: differs from the original; check the output before relying on the backup.
:: NOTE(review): the payload file comes from New-TemporaryFile and is later executed with
:: -ExecutionPolicy Bypass as TrustedInstaller; confirm the temp directory is writable only by
:: trusted accounts.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{4DCBAFAC-29BA-46B1-80FC-B8BDE3C0AE4D}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{9B8F6C6E-8A4A-4891-AF63-1A2F50924040} as TrustedInstaller
:: Runs a generated PowerShell payload as TrustedInstaller to soft-delete one registry key.
:: Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a scheduled
:: task (name assembled at runtime, reads "privacy.sexy invoke"), starts it through the
:: Schedule.Service COM object under the account the hard-coded SID translates to, and polls
:: LastTaskResult every 200 ms while it is 267009 (0x41301, task currently running), for up to
:: 5 minutes. The task is deleted and both temp files are removed in finally blocks; the
:: payload's output is read back from the stream file.
:: Payload: Rename-KeyTree appends ".OLD" to every value name, recurses into subkeys, then renames
:: the key itself by copying it to KEY.OLD, copying the ACL without the Owner section and removing
:: the original; if removal fails the copy is removed again and an error is thrown.
:: NOTE(review): a failed ACL copy is only a warning, so the .OLD key can end up with an ACL that
:: differs from the original; check the output before relying on the backup.
:: NOTE(review): the payload file comes from New-TemporaryFile and is later executed with
:: -ExecutionPolicy Bypass as TrustedInstaller; confirm the temp directory is writable only by
:: trusted accounts.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{9B8F6C6E-8A4A-4891-AF63-1A2F50924040}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{9B8F6C6E-8A4A-4891-AF63-1A2F50924040} as TrustedInstaller
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{9B8F6C6E-8A4A-4891-AF63-1A2F50924040}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{62F698CB-094A-4C68-9419-8E8C49420E59} as TrustedInstaller
:: What the command below does to HKLM\SOFTWARE\Classes\Interface\{62F698CB-094A-4C68-9419-8E8C49420E59}:
:: - Rename-KeyTree skips a missing key; otherwise it renames every value to NAME.OLD, recurses into
::   each subkey, then replaces the key itself with a KEY.OLD copy (an extra .OLD is appended while that name exists).
:: - Rename-KeyWithAcl is copy, then Copy-Acl (all descriptor sections except the owner), then removal of the
::   original; if the removal fails the new copy is removed again and the error is rethrown.
:: - A failed ACL copy is only a warning, so a .OLD key may not carry the original ACL. Check the
::   permissions on the renamed keys before treating them as a faithful backup. Reverting means renaming back.
:: - Invoke-AsTrustedInstaller writes the script to a temporary .ps1 file, registers the scheduled task
::   "privacy.sexy invoke", starts it through RunEx as the account the hard-coded S-1-5-80-... SID translates to
::   (the TrustedInstaller service SID), polls LastTaskResult every 200 ms while it is 267009 (0x41301, task
::   still running) for at most 5 minutes, prints the captured output, and deletes the task and both temp files.
:: - Audit trail to expect: registration and deletion of that task, powershell.exe started with
::   -ExecutionPolicy Bypass -File on a temp .ps1, and new .OLD keys and values under the path above.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{62F698CB-094A-4C68-9419-8E8C49420E59}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{62F698CB-094A-4C68-9419-8E8C49420E59} as TrustedInstaller
:: What the command below does to HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{62F698CB-094A-4C68-9419-8E8C49420E59}:
:: - Rename-KeyTree skips a missing key; otherwise it renames every value to NAME.OLD, recurses into
::   each subkey, then replaces the key itself with a KEY.OLD copy (an extra .OLD is appended while that name exists).
:: - Rename-KeyWithAcl is copy, then Copy-Acl (all descriptor sections except the owner), then removal of the
::   original; if the removal fails the new copy is removed again and the error is rethrown.
:: - A failed ACL copy is only a warning, so a .OLD key may not carry the original ACL. Check the
::   permissions on the renamed keys before treating them as a faithful backup. Reverting means renaming back.
:: - Invoke-AsTrustedInstaller writes the script to a temporary .ps1 file, registers the scheduled task
::   "privacy.sexy invoke", starts it through RunEx as the account the hard-coded S-1-5-80-... SID translates to
::   (the TrustedInstaller service SID), polls LastTaskResult every 200 ms while it is 267009 (0x41301, task
::   still running) for at most 5 minutes, prints the captured output, and deletes the task and both temp files.
:: - Audit trail to expect: registration and deletion of that task, powershell.exe started with
::   -ExecutionPolicy Bypass -File on a temp .ps1, and new .OLD keys and values under the path above.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{62F698CB-094A-4C68-9419-8E8C49420E59}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{024E9756-BA6C-4ad1-8321-87BAE78FD0E3} as TrustedInstaller
:: What the command below does to HKLM\SOFTWARE\Classes\Interface\{024E9756-BA6C-4ad1-8321-87BAE78FD0E3}:
:: - Rename-KeyTree skips a missing key; otherwise it renames every value to NAME.OLD, recurses into
::   each subkey, then replaces the key itself with a KEY.OLD copy (an extra .OLD is appended while that name exists).
:: - Rename-KeyWithAcl is copy, then Copy-Acl (all descriptor sections except the owner), then removal of the
::   original; if the removal fails the new copy is removed again and the error is rethrown.
:: - A failed ACL copy is only a warning, so a .OLD key may not carry the original ACL. Check the
::   permissions on the renamed keys before treating them as a faithful backup. Reverting means renaming back.
:: - Invoke-AsTrustedInstaller writes the script to a temporary .ps1 file, registers the scheduled task
::   "privacy.sexy invoke", starts it through RunEx as the account the hard-coded S-1-5-80-... SID translates to
::   (the TrustedInstaller service SID), polls LastTaskResult every 200 ms while it is 267009 (0x41301, task
::   still running) for at most 5 minutes, prints the captured output, and deletes the task and both temp files.
:: - Audit trail to expect: registration and deletion of that task, powershell.exe started with
::   -ExecutionPolicy Bypass -File on a temp .ps1, and new .OLD keys and values under the path above.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{024E9756-BA6C-4ad1-8321-87BAE78FD0E3}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{024E9756-BA6C-4ad1-8321-87BAE78FD0E3} as TrustedInstaller
:: What the command below does to HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{024E9756-BA6C-4ad1-8321-87BAE78FD0E3}:
:: - Rename-KeyTree skips a missing key; otherwise it renames every value to NAME.OLD, recurses into
::   each subkey, then replaces the key itself with a KEY.OLD copy (an extra .OLD is appended while that name exists).
:: - Rename-KeyWithAcl is copy, then Copy-Acl (all descriptor sections except the owner), then removal of the
::   original; if the removal fails the new copy is removed again and the error is rethrown.
:: - A failed ACL copy is only a warning, so a .OLD key may not carry the original ACL. Check the
::   permissions on the renamed keys before treating them as a faithful backup. Reverting means renaming back.
:: - Invoke-AsTrustedInstaller writes the script to a temporary .ps1 file, registers the scheduled task
::   "privacy.sexy invoke", starts it through RunEx as the account the hard-coded S-1-5-80-... SID translates to
::   (the TrustedInstaller service SID), polls LastTaskResult every 200 ms while it is 267009 (0x41301, task
::   still running) for at most 5 minutes, prints the captured output, and deletes the task and both temp files.
:: - Audit trail to expect: registration and deletion of that task, powershell.exe started with
::   -ExecutionPolicy Bypass -File on a temp .ps1, and new .OLD keys and values under the path above.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{024E9756-BA6C-4ad1-8321-87BAE78FD0E3}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Disable Defender Shell Service--------------
:: ----------------------------------------------------------
echo --- Disable Defender Shell Service
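:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{E3C9166D-1D39-4D4E-A45D-BC7BE9B00578} as TrustedInstaller
:: "Soft-delete" here is a rename, not an erase: every value under the key, then every subkey, then the key
:: itself receives the suffix .OLD. A key is renamed by copying it, copying its ACL without the owner section,
:: and removing the original; if the removal fails, the copy is deleted again.
:: The payload is written to a temporary .ps1 file and started through a scheduled task named
:: "privacy.sexy invoke" under the TrustedInstaller service SID. The task and both temporary files are removed
:: afterwards, and the wait for the task is capped at five minutes.
:: Observable side effects: a task registered and deleted in the root task folder, and a powershell.exe child
:: started with -ExecutionPolicy Bypass -File pointing at the temporary script.
:: NOTE(review): the payload file is executed with TrustedInstaller rights after it has been written to disk;
:: confirm the temporary directory is writable only by the elevated account.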
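:: This operation will not run on Windows versions earlier than Windows11-FirstRelease (build 10.0.22000).
:: The check compares major.minor.build only and exits with code 0 when the running system is older.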
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        
Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{E3C9166D-1D39-4D4E-A45D-BC7BE9B00578}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            
$global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. 
All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
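:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{6D40A6F9-3D32-4FCB-8A86-BE992E03DC76} as TrustedInstaller
:: Nothing is erased: values, subkeys and finally the key itself are renamed with the suffix .OLD, the key by
:: copy, ACL copy without the owner section, and removal of the original.
:: The work runs from a temporary .ps1 file through a scheduled task named "privacy.sexy invoke" under the
:: TrustedInstaller service SID; the task and the temporary files are deleted when it finishes.
:: NOTE(review): a task that exceeds the five minute wait only produces a warning, so check the printed
:: totals (renamed, skipped, failed) rather than the exit code to see what was changed.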
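:: This operation will not run on Windows versions later than Windows10-MostRecent (build 10.0.19045).
:: The check compares major.minor.build only and exits with code 0 when the running system is newer.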
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | 
Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'     
   try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{6D40A6F9-3D32-4FCB-8A86-BE992E03DC76}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. 
All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
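:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\SecurityHealthSSO.dll" with additional permissions
:: The file is renamed to its own name plus .OLD; it is not erased. The variable $revert is not assigned
:: anywhere in this command, so only the rename-to-.OLD direction is taken.
:: "Additional permissions" means: SeRestorePrivilege and SeTakeOwnershipPrivilege are enabled on the process
:: token, the file owner is set to the built-in Administrators group (S-1-5-32-544) with a FullControl allow
:: rule, the file is moved, and the ACL captured before the change is written back to the renamed file.
:: NOTE(review): AddPrivilege overwrites the results of OpenProcessToken and LookupPrivilegeValue and the
:: callers discard its return value, so a privilege that could not be enabled is not reported; the token
:: handle it opens is also never closed.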
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\SecurityHealthSSO.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
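:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\SecurityHealth\*\SecurityHealthSSO.dll" with additional permissions
:: Every file the pattern resolves to is renamed to its own name plus .OLD after ownership is set to the
:: built-in Administrators group (S-1-5-32-544) with a FullControl allow rule; the ACL captured beforehand is
:: written back to the renamed file. Folders and names already ending in .OLD are skipped.
:: NOTE(review): if a matched path no longer exists when its turn comes, the loop calls exit 0, so the
:: remaining matches are left unprocessed and no summary is printed.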
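:: This operation will not run on Windows versions later than Windows10-MostRecent (build 10.0.19045).
:: The check compares major.minor.build only and exits with code 0 when the running system is newer.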
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\SecurityHealth\*\SecurityHealthSSO.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 
0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object 
System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant 
rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\SecurityHealthSsoUdk.dll" with additional permissions 
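:: This operation will not run on Windows versions earlier than Windows11-FirstRelease (build 10.0.22000).
:: The check compares major.minor.build only and exits with code 0 when the running system is older.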
:: Renames "%SYSTEMROOT%\System32\SecurityHealthSsoUdk.dll" to the same name plus ".OLD" (a reversible soft delete).
:: Flow of the one-liner below:
::   1. Exits 0 without changes when the OS build is below 10.0.22000 ('Windows11-FirstRelease').
::   2. Compiles a P/Invoke helper class (Privileges) and enables SeRestorePrivilege and
::      SeTakeOwnershipPrivilege on the current process token.
::   3. For each matching file: saves the original ACL, sets the owner to the account behind
::      S-1-5-32-544 (BUILTIN\Administrators) and grants it FullControl, renames the file with
::      Move-Item, then tries to put the saved ACL back on the renamed file.
::   4. Prints renamed/skipped/failed counts and turns both privileges off again.
:: NOTE(review): AddPrivilege/RemovePrivilege return only the AdjustTokenPrivileges result; the results of
::   OpenProcessToken and LookupPrivilegeValue are overwritten, the token handle is never closed, and the
::   callers discard the return value with Out-Null, so a failed privilege change goes unnoticed.
:: NOTE(review): if restoring the saved ACL fails, only a warning is written and the file keeps the
::   Administrators owner and FullControl entry. Check the ACL of the resulting ".OLD" file after a run.
:: NOTE(review): `exit 0` in the "not found" branch ends the whole command, so remaining paths and the
::   RemovePrivilege calls are skipped.
:: NOTE(review): $revert is not assigned anywhere in this command, so the revert branches are not taken here.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\SecurityHealthSsoUdk.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long 
Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | 
Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership 
(because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Disable "Windows Security Service" service--------
:: ----------------------------------------------------------
:: NOTE(review): the commands in this section stop and disable SecurityHealthService, rename its
::   executable to ".OLD", terminate the running process and block the image from starting again.
::   Changes of this kind to security tooling are commonly monitored (MITRE technique T1562.001,
::   Impair Defenses: Disable or Modify Tools), so each step below is a likely detection point
::   on a managed host.
echo --- Disable "Windows Security Service" service
:: Disable the service `SecurityHealthService` using TrustedInstaller privileges
:: How this command works:
::   - Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a scheduled task
::     named "privacy.sexy invoke", starts it through the Schedule.Service COM object (RunEx) as the
::     account behind SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
::     (the TrustedInstaller service SID), polls every 200 ms while LastTaskResult equals 267009
::     (0x41301, task still running) for at most 5 minutes, prints the captured output, and deletes
::     the task and both temporary files.
::   - The payload ($cmd) requests a stop of SecurityHealthService when it is running and then sets
::     "Start" under HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService to 4 (disabled).
:: NOTE(review): the payload file comes from New-TemporaryFile (presumably the invoking user's temp
::   directory) and is later executed as TrustedInstaller with -ExecutionPolicy Bypass. Its integrity
::   rests on who can write to that directory between Out-File and RunEx; confirm the directory ACL,
::   or create the file in an administrators-only location.
:: NOTE(review): $stopWithDependencies is $false, so Stop-Service runs with NoWait and the
::   "Stopped ... successfully" message only means the stop request was issued.
:: NOTE(review): the step 3 message says "cannot enable it" although this path disables the service.
:: NOTE(review): the previous "Start" value is not saved anywhere in this command; record it before
::   running if the change has to be reverted.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$serviceQuery = ''SecurityHealthService'''+"^""`r`n"^""+'$stopWithDependencies= $false'+"^""`r`n"^""+'<# -- 1. 
Skip if service does not exist #>'+"^""`r`n"^""+'$service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue'+"^""`r`n"^""+'if(!$service) {'+"^""`r`n"^""+'    Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$serviceName = $service.Name'+"^""`r`n"^""+'Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'<# -- 2. Stop if running #>'+"^""`r`n"^""+'if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'        $stopParams = @{ `'+"^""`r`n"^""+'            Name = $ServiceName'+"^""`r`n"^""+'            Force = $true'+"^""`r`n"^""+'            ErrorAction = ''Stop'''+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        if (-not $stopWithDependencies) {'+"^""`r`n"^""+'            $stopParams[''NoWait''] = $true'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Stop-Service @stopParams'+"^""`r`n"^""+'        Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        if ($_.FullyQualifiedErrorId -eq ''CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand'') {'+"^""`r`n"^""+'            Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""'+"^""`r`n"^""+'        } else {'+"^""`r`n"^""+'            Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 3. 
Skip if service info is not found in registry #>'+"^""`r`n"^""+'$registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""'+"^""`r`n"^""+'if (-Not (Test-Path $registryKey)) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 4. Skip if already disabled #>'+"^""`r`n"^""+'if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 5. Disable service #>'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Set-ItemProperty `'+"^""`r`n"^""+'        -LiteralPath $registryKey `'+"^""`r`n"^""+'        -Name "^""Start"^"" `'+"^""`r`n"^""+'        -Value 4 `'+"^""`r`n"^""+'        -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host ''Successfully disabled the service. It will not start automatically on next boot.'''+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'    Exit 1'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\SecurityHealthService.exe" with additional permissions 
:: Renames "%SYSTEMROOT%\System32\SecurityHealthService.exe" to the same name plus ".OLD".
:: Flow of the one-liner below:
::   1. Compiles a P/Invoke helper class (Privileges) and enables SeRestorePrivilege and
::      SeTakeOwnershipPrivilege on the current process token.
::   2. For each matching file: saves the original ACL, sets the owner to the account behind
::      S-1-5-32-544 (BUILTIN\Administrators) and grants it FullControl, renames the file with
::      Move-Item, then tries to put the saved ACL back on the renamed file.
::   3. Prints renamed/skipped/failed counts and turns both privileges off again.
:: NOTE(review): the AddPrivilege/RemovePrivilege results are piped to Out-Null and the helper overwrites
::   the OpenProcessToken and LookupPrivilegeValue results, so a failed privilege change goes unnoticed;
::   the token handle is also never closed.
:: NOTE(review): if restoring the saved ACL fails, only a warning is written and the renamed executable
::   keeps the Administrators owner and FullControl entry. Check the ACL of the ".OLD" file after a run.
:: NOTE(review): `exit 0` in the "not found" branch ends the whole command, so remaining paths and the
::   RemovePrivilege calls are skipped.
:: NOTE(review): $revert is not assigned anywhere in this command, so the revert branches are not taken here.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\SecurityHealthService.exe"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
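:: Check and terminate the running process "SecurityHealthService.exe"
:: The lookup and the kill are separate steps: with the former "lookup && ( kill ) || ( skip )" form a
:: failed taskkill also ran the "is not running" branch, hiding the failure.
:: find sets errorlevel 0 when the image name is listed by tasklist and non-zero otherwise.
tasklist /fi "ImageName eq SecurityHealthService.exe" /fo csv 2>NUL | find /i "SecurityHealthService.exe">NUL
if errorlevel 1 (
    echo Skipping, SecurityHealthService.exe is not running.
) else (
    echo SecurityHealthService.exe is running and will be killed.
    taskkill /f /im SecurityHealthService.exe || echo Failed to terminate SecurityHealthService.exe.
)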
:: Configure termination of "SecurityHealthService.exe" immediately upon its startup
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityHealthService.exe!Debugger"
:: Writes an Image File Execution Options (IFEO) "Debugger" value (REG_SZ) for SecurityHealthService.exe
:: that points at taskkill.exe, using `reg add ... /f` so an existing value is overwritten.
:: %SYSTEMROOT% is expanded by cmd.exe before PowerShell runs, so the stored string holds the resolved path.
:: $registryPath is assigned but not used; the key path is repeated literally in the reg add call.
:: NOTE(review): IFEO "Debugger" values are a commonly monitored registry location (MITRE technique
::   T1546.012, Image File Execution Options Injection); detection tooling is likely to flag this write
::   regardless of intent.
:: Revert: delete the "Debugger" value under the key named below.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityHealthService.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityHealthService.exe' /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Add a rule to prevent the executable "SecurityHealthService.exe" from running via File Explorer
:: Adds "SecurityHealthService.exe" as a string value under
:: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun.
:: The value name is the lowest unused number starting at 1; the command exits 0 without changes when
:: a value with the same data already exists, and exits 1 when the write fails.
:: NOTE(review): the key is under HKCU, so the rule lands in the hive of the account this elevated
::   script runs as; that may differ from the signed-in user when elevation used other credentials
::   - TODO confirm on the target host.
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='SecurityHealthService.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
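:: Sets the DWORD "DisallowRun" under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
:: to 1, creating the key when it is missing. Exits 0 without changes when the value is already 1 and
:: exits 1 when a registry write fails.
:: The "Updating DisallowRun policy from unexpected value" message is a double-quoted PowerShell
:: string so that the current value is expanded in the output (a single-quoted string printed the
:: variable name and the backtick escapes literally).
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output "^""Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^""."^""; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"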
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable "Windows Security Service" interactions------
:: ----------------------------------------------------------
:: NOTE(review): the commands in this section rename registry keys under HKLM\Software\Classes
::   (an AppID and a CLSID entry) to ".OLD" while running as TrustedInstaller. The originals are kept
::   under the new names, so a revert means renaming them back; key renames under these paths and the
::   short-lived scheduled task used to run them are both visible to registry and task auditing.
echo --- Disable "Windows Security Service" interactions
:: Soft-delete the registry key: HKLM\Software\Classes\AppID\{2EB6D15C-5239-41CF-82FB-353D20B816CF} as TrustedInstaller
:: How this command works:
::   - Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a scheduled task
::     named "privacy.sexy invoke", starts it through the Schedule.Service COM object (RunEx) as the
::     account behind SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
::     (the TrustedInstaller service SID), polls every 200 ms while LastTaskResult equals 267009
::     (0x41301, task still running) for at most 5 minutes, prints the captured output, and deletes
::     the task and both temporary files.
::   - The payload ($cmd) runs Rename-KeyTree on HKLM\Software\Classes\AppID\{2EB6D15C-5239-41CF-82FB-353D20B816CF}:
::     it appends ".OLD" to every value name, recurses into the subkeys, then renames the key itself by
::     copying it to "PATH.OLD" (adding further ".OLD" suffixes until the name is free), copying the
::     ACL without its owner section, and removing the original key.
::   - Counters $global:ok / $global:skip / $global:fail are summarised at the end; the payload throws
::     only when every processed item failed.
:: NOTE(review): a failure in Copy-Acl is reported as a warning only, so the ".OLD" copy can end up
::   with permissions that differ from the original key. Compare the ACLs after a run.
:: NOTE(review): the payload file comes from New-TemporaryFile (presumably the invoking user's temp
::   directory) and is later executed as TrustedInstaller with -ExecutionPolicy Bypass. Its integrity
::   rests on who can write to that directory between Out-File and RunEx; confirm the directory ACL,
::   or create the file in an administrators-only location.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\AppID\{2EB6D15C-5239-41CF-82FB-353D20B816CF}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59} as TrustedInstaller
:: Soft-delete = rename, not erase: the inner script built in $cmd appends ".OLD" to every
:: value name under the key, recurses into its subkeys, then copies the key to a ".OLD" path
:: and removes the original. Names that already end in ".OLD" are skipped.
:: Target: HKLM\Software\Classes\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59}
:: Invoke-AsTrustedInstaller writes that script to a temporary .ps1 file, registers a
:: scheduled task named "privacy.sexy invoke", starts it with RunEx under the account the
:: hard-coded SID translates to, polls LastTaskResult every 200 ms for up to 5 minutes,
:: deletes the task, prints the captured output and removes both temporary files.
:: NOTE(review): 267009 is presumably SCHED_S_TASK_RUNNING (0x41301) - confirm.
:: NOTE(review): the .ps1 run by the task comes from New-TemporaryFile; confirm that no
:: lower-privileged process can write to that temp location before the task starts.
:: NOTE(review): a failed ACL copy only logs a warning and the original key is still
:: removed, so the ".OLD" copy may not carry the original permissions. Owner is never copied.
:: NOTE(review): on timeout the task and temp files are removed while the script may still run.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{CC66E708-C687-42EA-806E-83D41C9D1A5F} as TrustedInstaller
:: Soft-delete = rename, not erase: the inner script built in $cmd appends ".OLD" to every
:: value name under the key, recurses into its subkeys, then copies the key to a ".OLD" path
:: and removes the original. Names that already end in ".OLD" are skipped.
:: Target: HKLM\Software\Classes\CLSID\{CC66E708-C687-42EA-806E-83D41C9D1A5F}
:: Invoke-AsTrustedInstaller writes that script to a temporary .ps1 file, registers a
:: scheduled task named "privacy.sexy invoke", starts it with RunEx under the account the
:: hard-coded SID translates to, polls LastTaskResult every 200 ms for up to 5 minutes,
:: deletes the task, prints the captured output and removes both temporary files.
:: NOTE(review): 267009 is presumably SCHED_S_TASK_RUNNING (0x41301) - confirm.
:: NOTE(review): the .ps1 run by the task comes from New-TemporaryFile; confirm that no
:: lower-privileged process can write to that temp location before the task starts.
:: NOTE(review): a failed ACL copy only logs a warning and the original key is still
:: removed, so the ".OLD" copy may not carry the original permissions. Owner is never copied.
:: NOTE(review): on timeout the task and temp files are removed while the script may still run.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{CC66E708-C687-42EA-806E-83D41C9D1A5F}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0} as TrustedInstaller
:: Soft-delete = rename, not erase: the inner script built in $cmd appends ".OLD" to every
:: value name under the key, recurses into its subkeys, then copies the key to a ".OLD" path
:: and removes the original. Names that already end in ".OLD" are skipped.
:: Target: HKLM\Software\Classes\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}
:: Invoke-AsTrustedInstaller writes that script to a temporary .ps1 file, registers a
:: scheduled task named "privacy.sexy invoke", starts it with RunEx under the account the
:: hard-coded SID translates to, polls LastTaskResult every 200 ms for up to 5 minutes,
:: deletes the task, prints the captured output and removes both temporary files.
:: NOTE(review): 267009 is presumably SCHED_S_TASK_RUNNING (0x41301) - confirm.
:: NOTE(review): the .ps1 run by the task comes from New-TemporaryFile; confirm that no
:: lower-privileged process can write to that temp location before the task starts.
:: NOTE(review): a failed ACL copy only logs a warning and the original key is still
:: removed, so the ".OLD" copy may not carry the original permissions. Owner is never copied.
:: NOTE(review): on timeout the task and temp files are removed while the script may still run.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{F99A566C-42AE-4DE2-AD4D-D297A04C5433} as TrustedInstaller
:: Soft-delete = rename, not erase: the inner script built in $cmd appends ".OLD" to every
:: value name under the key, recurses into its subkeys, then copies the key to a ".OLD" path
:: and removes the original. Names that already end in ".OLD" are skipped.
:: Target: HKLM\Software\Classes\CLSID\{F99A566C-42AE-4DE2-AD4D-D297A04C5433}
:: Invoke-AsTrustedInstaller writes that script to a temporary .ps1 file, registers a
:: scheduled task named "privacy.sexy invoke", starts it with RunEx under the account the
:: hard-coded SID translates to, polls LastTaskResult every 200 ms for up to 5 minutes,
:: deletes the task, prints the captured output and removes both temporary files.
:: NOTE(review): 267009 is presumably SCHED_S_TASK_RUNNING (0x41301) - confirm.
:: NOTE(review): the .ps1 run by the task comes from New-TemporaryFile; confirm that no
:: lower-privileged process can write to that temp location before the task starts.
:: NOTE(review): a failed ACL copy only logs a warning and the original key is still
:: removed, so the ".OLD" copy may not carry the original permissions. Owner is never copied.
:: NOTE(review): on timeout the task and temp files are removed while the script may still run.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{F99A566C-42AE-4DE2-AD4D-D297A04C5433}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{470B9B9B-0E95-4963-B265-5D58E5808C3D} as TrustedInstaller
:: Soft-delete = rename, not erase: the inner script built in $cmd appends ".OLD" to every
:: value name under the key, recurses into its subkeys, then copies the key to a ".OLD" path
:: and removes the original. Names that already end in ".OLD" are skipped.
:: Target: HKLM\Software\Classes\CLSID\{470B9B9B-0E95-4963-B265-5D58E5808C3D}
:: Invoke-AsTrustedInstaller writes that script to a temporary .ps1 file, registers a
:: scheduled task named "privacy.sexy invoke", starts it with RunEx under the account the
:: hard-coded SID translates to, polls LastTaskResult every 200 ms for up to 5 minutes,
:: deletes the task, prints the captured output and removes both temporary files.
:: NOTE(review): 267009 is presumably SCHED_S_TASK_RUNNING (0x41301) - confirm.
:: NOTE(review): the .ps1 run by the task comes from New-TemporaryFile; confirm that no
:: lower-privileged process can write to that temp location before the task starts.
:: NOTE(review): a failed ACL copy only logs a warning and the original key is still
:: removed, so the ".OLD" copy may not carry the original permissions. Owner is never copied.
:: NOTE(review): on timeout the task and temp files are removed while the script may still run.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{470B9B9B-0E95-4963-B265-5D58E5808C3D}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{2D15188C-D298-4E10-83B2-64666CCBEBBD} as TrustedInstaller
:: Soft-deletes HKLM\Software\Classes\CLSID\{2D15188C-D298-4E10-83B2-64666CCBEBBD} by renaming, not by erasing.
:: The command below is one cmd line carrying two PowerShell parts:
::   1. Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a scheduled
::      task named privacy.sexy invoke, starts it through Schedule.Service RunEx under the account
::      that SID S-1-5-80-956008885-... translates to, polls LastTaskResult every 200 ms for at most
::      5 minutes while it reads 267009 (task still running), then deletes the task, prints the
::      captured output and removes both temporary files.
::   2. The payload (built into $cmd) appends .OLD to every value name of the key, recurses into the
::      subkeys, then copies the key to KEY.OLD (adding .OLD again until the name is free), copies
::      the security descriptor without the Owner section, and removes the original key.
:: Review notes:
::   - Execution policy is overridden on each hop: Unrestricted here, Bypass inside the task.
::   - A failed ACL copy is only a warning and the original key is still removed, so the .OLD copy
::     can keep whatever ACL Copy-Item gave it. Look for "Failed to copy ACL" in the output.
::   - On timeout the loop breaks and the task and temporary files are deleted whether or not the
::     payload has finished.
::   - NOTE(review): the payload sits in a temporary file between Out-File and the task start; who
::     else can write to that location is not visible from this line - confirm before relying on it.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{2D15188C-D298-4E10-83B2-64666CCBEBBD}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{816A45F9-7406-42BB-B4FA-A655D96F2A8A} as TrustedInstaller
:: Renames HKLM\Software\Classes\CLSID\{816A45F9-7406-42BB-B4FA-A655D96F2A8A} and its contents with a
:: .OLD suffix instead of erasing them. Single cmd line, two PowerShell parts:
::   - Invoke-AsTrustedInstaller: saves the payload to a temporary .ps1 file, registers the scheduled
::     task privacy.sexy invoke, runs it via Schedule.Service RunEx as the account resolved from SID
::     S-1-5-80-956008885-..., waits (200 ms polls, 5 minute cap) while LastTaskResult is 267009
::     (task still running), reports a non-zero result with Write-Error, then deletes the task,
::     echoes the captured output and removes the two temporary files.
::   - $cmd payload: Rename-KeyTree handles value names first, then subkeys recursively, then the key
::     itself through Rename-KeyWithAcl (copy to the new name, copy ACL minus Owner, remove the old
::     key; if the removal fails the new copy is removed again and the error is rethrown).
:: Review notes:
::   - Unrestricted on this line and Bypass inside the task both override the execution policy.
::   - Copy-Acl errors are downgraded to a warning before the original key is removed, so the
::     renamed key is not guaranteed to carry the original permissions.
::   - After a timeout the task is force-deleted and the script file removed while the payload may
::     still be running; the result check then reports the still-running code as a failure.
::   - Counters are globals inside the payload; the run throws only when every item failed.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{816A45F9-7406-42BB-B4FA-A655D96F2A8A}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{2557a77e-882d-4633-960e-0c718670c1c7} as TrustedInstaller
:: Target: HKLM\Software\Classes\CLSID\{2557a77e-882d-4633-960e-0c718670c1c7}. Nothing is erased; value
:: names and key names get a .OLD suffix so the change can be undone by renaming back.
:: How the single command line below works:
::   - The outer part defines Invoke-AsTrustedInstaller, which stores the payload in a temporary .ps1
::     file, registers a scheduled task called privacy.sexy invoke, launches it with RunEx under the
::     account that SID S-1-5-80-956008885-... resolves to, and redirects all payload streams into a
::     second temporary file that is printed afterwards.
::   - It polls LastTaskResult every 200 ms while the value is 267009 (task still running) and gives
::     up after 5 minutes; the task and both temporary files are removed in finally blocks.
::   - The payload in $cmd turns the HKLM\... path into the HKLM:\... provider form, renames values,
::     subkeys and then the key, and prints totals for renamed, skipped and failed items.
:: Review notes:
::   - The execution policy is overridden twice (Unrestricted, then Bypass for the task).
::   - Rename-KeyWithAcl continues after a failed Copy-Acl, so the .OLD key may end up with
::     different permissions than the key it replaces; the only trace is a warning in the output.
::   - Subkey enumeration uses SilentlyContinue, so unreadable subkeys are skipped without a count.
::   - The task name is fixed, and any existing task with that name is deleted before registering.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{2557a77e-882d-4633-960e-0c718670c1c7}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{1B48339C-D15E-45F3-AD55-A851CB66BE6B} as TrustedInstaller
:: Soft-delete of HKLM\Software\Classes\CLSID\{1B48339C-D15E-45F3-AD55-A851CB66BE6B}: the key, its
:: subkeys and its values are renamed with a .OLD suffix rather than removed.
:: Structure of the command line below:
::   - Invoke-AsTrustedInstaller($Script): writes $Script to a temporary .ps1 file, registers the
::     scheduled task privacy.sexy invoke whose action runs that file with all streams redirected to
::     a second temporary file, starts the task with RunEx as the account behind SID
::     S-1-5-80-956008885-..., and waits while LastTaskResult is 267009 (task still running), with
::     200 ms polls and a 5 minute limit. Task and temporary files are cleaned up in finally blocks.
::   - $cmd: the payload text, joined with CRLF. It defines Copy-Acl (recursive, copies every
::     security descriptor section except Owner), Rename-KeyWithAcl (copy, copy ACL, remove the
::     original) and Rename-KeyTree (values, then subkeys, then the key itself).
:: Review notes:
::   - Execution policy is set to Unrestricted for this process and Bypass for the task process.
::   - Names that already end in .OLD are counted as skipped, so a second run is reported as having
::     no effect rather than as a failure.
::   - Only the case where every item failed throws; partial failures surface as warnings and in the
::     printed totals, so read the output instead of relying on the exit status.
::   - A failed ACL copy does not stop the rename; verify permissions on the .OLD key if warned.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{1B48339C-D15E-45F3-AD55-A851CB66BE6B}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{A2A6D7C6-ECBD-439E-9244-9E784608439F} as TrustedInstaller
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{A2A6D7C6-ECBD-439E-9244-9E784608439F}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
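:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{434AEC1C-8583-45EC-B88F-750D6F380BC3} as TrustedInstaller
:: The key is renamed with a ".OLD" suffix by copying it, copying its ACL without the owner, then removing the original.
:: A failed ACL copy is only a warning and the original is still removed, so verify the permissions on the ".OLD" key.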
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{434AEC1C-8583-45EC-B88F-750D6F380BC3}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
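:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{D6B0D1EB-456E-48FF-A3E3-F393C74B85DB} as TrustedInstaller
:: Values, subkeys and the key are renamed with a ".OLD" suffix by a short-lived scheduled task run as TrustedInstaller.
:: The caller polls while LastTaskResult is 267009, i.e. 0x41301, the Task Scheduler "task is currently running"
:: status, and stops waiting with a warning after five minutes.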
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{D6B0D1EB-456E-48FF-A3E3-F393C74B85DB}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
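:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{EDAE4045-CAE6-4706-8973-FA69715B8C10} as TrustedInstaller
:: Nothing is erased: values, subkeys and the key are renamed with a ".OLD" suffix.
:: Each run registers a scheduled task named "privacy.sexy invoke" in the root task folder and deletes it afterwards,
:: so creation and deletion records for that task name are expected wherever Task Scheduler logging is enabled.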
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{EDAE4045-CAE6-4706-8973-FA69715B8C10}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
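:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{5CF41123-E9E6-4AC0-85A7-C4001F513C6A} as TrustedInstaller
:: Values, subkeys and the key are renamed with a ".OLD" suffix rather than erased.
:: The embedded script throws only when every item fails; partial failures surface only as warnings and in the
:: "Failed:" count of the summary line, so read that line before treating the step as done.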
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{5CF41123-E9E6-4AC0-85A7-C4001F513C6A}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{BD8A8E7D-E42F-434A-8215-C7ECB6C32786} as TrustedInstaller
:: Soft-deletes one registry key by running a generated PowerShell script ($cmd) under
:: the TrustedInstaller service account (SID S-1-5-80-956008885-...).
:: What $cmd does: Rename-KeyTree appends ".OLD" to every value name, recurses into the
:: subkeys, then renames the key itself through Rename-KeyWithAcl (Copy-Item, Copy-Acl
:: for every section except Owner, Remove-Item of the original). Names that already end
:: in ".OLD" are counted as skipped.
:: How it is launched: Invoke-AsTrustedInstaller writes $cmd to a temporary .ps1,
:: registers a scheduled task named "privacy.sexy invoke", starts it via Schedule.Service
:: RunEx as that account, polls LastTaskResult every 200 ms while it equals 267009
:: (0x41301, task still running) for at most 5 minutes, prints the captured output and
:: finally deletes the task and both temporary files.
:: NOTE(review): a failing Copy-Acl only logs a warning and the original key is still
:: removed, so the ".OLD" copy may not carry the source key's ACL - check the warnings
:: before relying on the backup for a restore.
:: NOTE(review): Rename-KeyWithAcl is declared as a plain function; "-ErrorAction Stop"
:: on its call is presumably not bound as a common parameter - failures reach the
:: caller through "throw". Confirm.
:: NOTE(review): on the timeout path the task is force-deleted and the temp files are
:: removed while the script may still be running - confirm this is acceptable.
:: Audit trail: the scheduled-task registration under the name above and the
:: ".OLD"-suffixed key are what this step leaves behind for review or rollback.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{BD8A8E7D-E42F-434A-8215-C7ECB6C32786}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{47782907-6A6D-44BC-8872-4E45E994E6F9} as TrustedInstaller
:: Soft-deletes one registry key by running a generated PowerShell script ($cmd) under
:: the TrustedInstaller service account (SID S-1-5-80-956008885-...).
:: What $cmd does: Rename-KeyTree appends ".OLD" to every value name, recurses into the
:: subkeys, then renames the key itself through Rename-KeyWithAcl (Copy-Item, Copy-Acl
:: for every section except Owner, Remove-Item of the original). Names that already end
:: in ".OLD" are counted as skipped; the final summary throws only when every item failed.
:: How it is launched: Invoke-AsTrustedInstaller writes $cmd to a temporary .ps1,
:: registers a scheduled task named "privacy.sexy invoke", starts it via Schedule.Service
:: RunEx as that account, polls LastTaskResult every 200 ms while it equals 267009
:: (0x41301, task still running) for at most 5 minutes, prints the captured output and
:: finally deletes the task and both temporary files.
:: NOTE(review): a failing Copy-Acl only logs a warning and the original key is still
:: removed, so the ".OLD" copy may not carry the source key's ACL - check the warnings
:: before relying on the backup for a restore.
:: NOTE(review): the temporary file paths are placed inside single quotes in the task
:: command line; a temp path containing a single quote would presumably break it.
:: Audit trail: the scheduled-task registration under the name above and the
:: ".OLD"-suffixed key are what this step leaves behind for review or rollback.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{47782907-6A6D-44BC-8872-4E45E994E6F9}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------Disable Windows Security Health Agent (WSHA)-------
:: ----------------------------------------------------------
echo --- Disable Windows Security Health Agent (WSHA)
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\SecurityHealthAgent.dll" with additional permissions 
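:: Soft-deletes each file matching the pattern by renaming it with a ".OLD" suffix.
:: Steps: expand the environment variables in the pattern, enable SeRestorePrivilege and
:: SeTakeOwnershipPrivilege through the embedded Privileges class, then per file: save
:: the current ACL, set the owner to the account for SID S-1-5-32-544 (Administrators)
:: and add a FullControl allow rule, Move-Item to the new name, and write the saved ACL
:: back onto the renamed file (or onto the original if the move failed). Both privileges
:: are disabled again at the end of the command.
:: A file that vanished after enumeration is skipped with "continue" (not "exit") so the
:: remaining files, the summary and the RemovePrivilege calls are still reached.
:: NOTE(review): $revert is never assigned in this command, so only the rename-to-.OLD
:: branch runs here.
:: NOTE(review): AddPrivilege/RemovePrivilege overwrite the results of OpenProcessToken
:: and LookupPrivilegeValue and never close the token handle; callers pipe the return
:: value to Out-Null, so a privilege that could not be enabled only shows up later as a
:: Set-Acl warning.
:: NOTE(review): the "no items available" path exits before RemovePrivilege is called.
:: Audit trail: the ownership/ACL change and the rename of a System32 DLL are the events
:: file-integrity monitoring should record; the ".OLD" file is what a restore needs.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\SecurityHealthAgent.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"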
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------Disable Windows Security Health Core-----------
:: ----------------------------------------------------------
echo --- Disable Windows Security Health Core
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\SecurityHealthCore.dll" with additional permissions 
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
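:: Soft-deletes each file matching the pattern by renaming it with a ".OLD" suffix.
:: Version gate: the command first maps 'Windows11-FirstRelease' to build 10.0.22000 and
:: exits with code 0 when the running OS version (major.minor.build) is lower.
:: Steps after the gate: expand the environment variables in the pattern, enable
:: SeRestorePrivilege and SeTakeOwnershipPrivilege through the embedded Privileges class,
:: then per file: save the current ACL, set the owner to the account for SID
:: S-1-5-32-544 (Administrators) and add a FullControl allow rule, Move-Item to the new
:: name, and write the saved ACL back onto the renamed file (or onto the original if the
:: move failed). Both privileges are disabled again at the end of the command.
:: A file that vanished after enumeration is skipped with "continue" (not "exit") so the
:: remaining files, the summary and the RemovePrivilege calls are still reached.
:: NOTE(review): $revert is never assigned in this command, so only the rename-to-.OLD
:: branch runs here.
:: NOTE(review): AddPrivilege/RemovePrivilege overwrite the results of OpenProcessToken
:: and LookupPrivilegeValue and never close the token handle; callers pipe the return
:: value to Out-Null, so a privilege that could not be enabled only shows up later as a
:: Set-Acl warning.
:: NOTE(review): the "no items available" path exits before RemovePrivilege is called.
:: Audit trail: the ownership/ACL change and the rename of a System32 DLL are the events
:: file-integrity monitoring should record; the ".OLD" file is what a restore needs.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\SecurityHealthCore.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long 
Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | 
Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership 
(because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"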
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------Disable Windows Security Health UDK------------
:: ----------------------------------------------------------
echo --- Disable Windows Security Health UDK
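:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\SecurityHealthUdk.dll" with additional permissions
:: (each match is renamed with a ".OLD" suffix after the Administrators group temporarily takes ownership and full control; the file's original ACL is then re-applied)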
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\SecurityHealthUdk.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long 
Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | 
Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership 
(because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable "Windows Security Health Host" process------
:: ----------------------------------------------------------
echo --- Disable "Windows Security Health Host" process
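:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\SecurityHealthHost.exe" with additional permissions
:: (each match is renamed with a ".OLD" suffix after the Administrators group temporarily takes ownership and full control; the file's original ACL is then re-applied)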
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\SecurityHealthHost.exe"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
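:: Check and terminate the running process "SecurityHealthHost.exe"
:: The lookup result is tested with "if errorlevel" instead of chaining the two
:: branches with and-then / or-else operators: in the chained form a failing
:: taskkill also ran the second branch and reported the process as "not running"
:: although it had just been found.
:: Note: this force-terminates a Windows Security component; endpoint monitoring
:: may record the termination as tampering.
tasklist /fi "ImageName eq SecurityHealthHost.exe" /fo csv 2>NUL | find /i "SecurityHealthHost.exe">NUL
if errorlevel 1 (
    echo Skipping, SecurityHealthHost.exe is not running.
) else (
    echo SecurityHealthHost.exe is running and will be killed.
    taskkill /f /im SecurityHealthHost.exe
)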
:: Configure termination of "SecurityHealthHost.exe" immediately upon its startup
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityHealthHost.exe!Debugger"
:: A Debugger value under Image File Execution Options makes Windows start the
:: named program in place of the image, so SecurityHealthHost.exe itself never runs.
:: Writes to this key are commonly watched by security monitoring; deleting the
:: Debugger value undoes the change.
:: NOTE(review): $registryPath is assigned but never used; the key path is repeated literally in the reg add call.
:: NOTE(review): the exit code of reg add is not checked or reported here.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityHealthHost.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityHealthHost.exe' /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Add a rule to prevent the executable "SecurityHealthHost.exe" from running via File Explorer
:: The rule is written under HKCU, so it applies only to the account this script runs as.
:: NOTE(review): if elevation used a different account, HKCU is that account's hive; confirm the intended user.
:: An existing entry whose value equals the filename ends the command early with exit 0;
:: otherwise the lowest unused numeric value name, counting up from 1, is used for the new rule.
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='SecurityHealthHost.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
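:: Sets the DisallowRun value to 1 under the current user's Explorer policies key:
:: created when missing or empty, left alone when already 1, overwritten otherwise.
:: The "unexpected value" message is a double-quoted PowerShell string so the current
:: value is interpolated; as a single-quoted string it printed the variable name and
:: the backticks literally.
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output "^""Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^""."^""; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"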
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------Disable Windows Security Health data sharing-------
:: ----------------------------------------------------------
echo --- Disable Windows Security Health data sharing
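:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\SecurityHealthProxyStub.dll" with additional permissions
:: (each match is renamed with a ".OLD" suffix after the Administrators group temporarily takes ownership and full control; the file's original ACL is then re-applied)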
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\SecurityHealthProxyStub.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
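:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF} as TrustedInstaller
:: (the key, its subkeys and their values are renamed with a ".OLD" suffix rather than deleted outright; the rename runs in a temporary scheduled task started under the TrustedInstaller account and removed afterwards)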
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{AA00FB1F-4EC7-4b09-BDC1-E5D88D291440} 
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: What the PowerShell command below does:
::   1. Prints 'Skipping' and exits with code 0 when the OS version (major.minor.build) is
::      lower than 10.0.22000, the build mapped to 'Windows11-FirstRelease'.
::   2. Rename-KeyTree handles the values of a key first, then each subkey, then the key
::      itself. Every item gets the '.OLD' suffix; a key is renamed to the first unused
::      'name.OLD[.OLD...]' path. Items already ending in '.OLD' are counted as skipped.
::   3. A key rename is not atomic: Rename-KeyWithAcl copies the key, copies the security
::      descriptor without the Owner section, then deletes the original. If the delete fails,
::      the copy is removed again and the item is counted as failed.
::   4. The command throws only when every item failed; partial failures are reported in the
::      'Failed:' count of the summary line.
:: NOTE(review): a failed ACL copy is only a warning and the original key is still deleted,
::   so a '.OLD' key can end up with different permissions than the key it replaces. Check
::   the ACL of the backup key before relying on it for a restore.
:: NOTE(review): the command is wrapped over several lines in this listing; cmd.exe needs it
::   on a single line (presumably how it was generated - confirm before running).
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; 
$rawPath='HKLM\Software\Classes\CLSID\{AA00FB1F-4EC7-4b09-BDC1-E5D88D291440}'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. 
The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{AA00FB1F-4EC7-4b09-BDC1-E5D88D291440} 
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: What the PowerShell command below does:
::   1. Prints 'Skipping' and exits with code 0 when the OS version (major.minor.build) is
::      lower than 10.0.22000, the build mapped to 'Windows11-FirstRelease'.
::   2. Rename-KeyTree handles the values of a key first, then each subkey, then the key
::      itself. Every item gets the '.OLD' suffix; a key is renamed to the first unused
::      'name.OLD[.OLD...]' path. Items already ending in '.OLD' are counted as skipped.
::   3. A key rename is not atomic: Rename-KeyWithAcl copies the key, copies the security
::      descriptor without the Owner section, then deletes the original. If the delete fails,
::      the copy is removed again and the item is counted as failed.
::   4. The command throws only when every item failed; partial failures are reported in the
::      'Failed:' count of the summary line.
:: NOTE(review): a failed ACL copy is only a warning and the original key is still deleted,
::   so a '.OLD' key can end up with different permissions than the key it replaces. Check
::   the ACL of the backup key before relying on it for a restore.
:: NOTE(review): the command is wrapped over several lines in this listing; cmd.exe needs it
::   on a single line (presumably how it was generated - confirm before running).
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; 
$rawPath='HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{AA00FB1F-4EC7-4b09-BDC1-E5D88D291440}'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. 
The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{36383E77-35C2-4B45-8277-329E4BEDF47F} as TrustedInstaller
:: What the PowerShell command below does:
::   1. Invoke-AsTrustedInstaller writes the generated script ($cmd) to a temporary .ps1 file,
::      registers a scheduled task named 'privacy.sexy invoke' that runs it through
::      'powershell.exe -ExecutionPolicy Bypass', and starts the task as the account that SID
::      S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 resolves to
::      (the TrustedInstaller service SID).
::   2. It polls for up to 5 minutes while LastTaskResult is 267009 (0x41301, task still
::      running), reports a non-zero result with Write-Error, deletes the task, prints the
::      captured output and removes both temporary files.
::   3. $cmd performs the soft delete: values, then subkeys, then the key itself get the
::      '.OLD' suffix. A key rename is a copy, an ACL copy without the Owner section, then a
::      delete of the original. No Windows version check is performed in this command.
:: NOTE(review): the staged .ps1 runs with TrustedInstaller rights, so anything able to write
::   to the temporary directory between the Out-File and the task start controls what runs.
::   Confirm that directory is writable only by the elevated user.
:: NOTE(review): the task is created and deleted within the same call, so it will appear in
::   task-registration and process-creation logs; an interrupted run could leave the task or
::   the temporary files behind - verify afterwards.
:: NOTE(review): a failed ACL copy is only a warning and the original key is still deleted,
::   so a '.OLD' key can end up with different permissions than the key it replaces.
:: NOTE(review): the command is wrapped over several lines in this listing; cmd.exe needs it
::   on a single line (presumably how it was generated - confirm before running).
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{36383E77-35C2-4B45-8277-329E4BEDF47F}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{10964DDD-6A53-4C60-917F-7B5723014344} as TrustedInstaller
:: What the PowerShell command below does:
::   1. Invoke-AsTrustedInstaller writes the generated script ($cmd) to a temporary .ps1 file,
::      registers a scheduled task named 'privacy.sexy invoke' that runs it through
::      'powershell.exe -ExecutionPolicy Bypass', and starts the task as the account that SID
::      S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 resolves to
::      (the TrustedInstaller service SID).
::   2. It polls for up to 5 minutes while LastTaskResult is 267009 (0x41301, task still
::      running), reports a non-zero result with Write-Error, deletes the task, prints the
::      captured output and removes both temporary files.
::   3. $cmd performs the soft delete: values, then subkeys, then the key itself get the
::      '.OLD' suffix. A key rename is a copy, an ACL copy without the Owner section, then a
::      delete of the original. No Windows version check is performed in this command.
:: NOTE(review): the staged .ps1 runs with TrustedInstaller rights, so anything able to write
::   to the temporary directory between the Out-File and the task start controls what runs.
::   Confirm that directory is writable only by the elevated user.
:: NOTE(review): the task is created and deleted within the same call, so it will appear in
::   task-registration and process-creation logs; an interrupted run could leave the task or
::   the temporary files behind - verify afterwards.
:: NOTE(review): a failed ACL copy is only a warning and the original key is still deleted,
::   so a '.OLD' key can end up with different permissions than the key it replaces.
:: NOTE(review): the command is wrapped over several lines in this listing; cmd.exe needs it
::   on a single line (presumably how it was generated - confirm before running).
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{10964DDD-6A53-4C60-917F-7B5723014344}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{2EF44DE8-80C9-42D9-8541-F40EF0862FA3} as TrustedInstaller
:: What the PowerShell command below does:
::   1. Invoke-AsTrustedInstaller writes the generated script ($cmd) to a temporary .ps1 file,
::      registers a scheduled task named 'privacy.sexy invoke' that runs it through
::      'powershell.exe -ExecutionPolicy Bypass', and starts the task as the account that SID
::      S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 resolves to
::      (the TrustedInstaller service SID).
::   2. It polls for up to 5 minutes while LastTaskResult is 267009 (0x41301, task still
::      running), reports a non-zero result with Write-Error, deletes the task, prints the
::      captured output and removes both temporary files.
::   3. $cmd performs the soft delete: values, then subkeys, then the key itself get the
::      '.OLD' suffix. A key rename is a copy, an ACL copy without the Owner section, then a
::      delete of the original. No Windows version check is performed in this command.
:: NOTE(review): the staged .ps1 runs with TrustedInstaller rights, so anything able to write
::   to the temporary directory between the Out-File and the task start controls what runs.
::   Confirm that directory is writable only by the elevated user.
:: NOTE(review): the task is created and deleted within the same call, so it will appear in
::   task-registration and process-creation logs; an interrupted run could leave the task or
::   the temporary files behind - verify afterwards.
:: NOTE(review): a failed ACL copy is only a warning and the original key is still deleted,
::   so a '.OLD' key can end up with different permissions than the key it replaces.
:: NOTE(review): the command is wrapped over several lines in this listing; cmd.exe needs it
::   on a single line (presumably how it was generated - confirm before running).
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{2EF44DE8-80C9-42D9-8541-F40EF0862FA3}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{3213CD15-4DF2-415F-83F2-9FC58F3AEB3A} as TrustedInstaller
:: Soft-deletes HKLM\Software\Classes\CLSID\{3213CD15-4DF2-415F-83F2-9FC58F3AEB3A}.
:: One PowerShell command defines Invoke-AsTrustedInstaller and a payload
:: script ($cmd), then passes the payload to that function.
:: Invoke-AsTrustedInstaller: writes the payload to a temporary .ps1 file,
::   drops any existing task named "privacy.sexy invoke" (the dot is built from
::   [char]0x002E), registers it again and starts it with RunEx under the
::   account that SID S-1-5-80-956008885-... translates to (the TrustedInstaller
::   service SID). It polls LastTaskResult every 200 ms while it equals 267009,
::   stops waiting after 5 minutes, reports any non-zero result with
::   Write-Error, deletes the task, prints the captured output and removes both
::   temp files.
:: Payload: Rename-KeyTree appends '.OLD' to every value name that does not
::   already end in it, recurses into subkeys, then renames the key itself to
::   the first free '.OLD' path via Rename-KeyWithAcl (copy key, copy ACL
::   without the owner section, remove the original; if the removal fails the
::   copy is removed and the function throws). Counters ok/skip/fail feed the
::   summary, which throws only when every counted item failed.
:: NOTE(review): a failed ACL copy is only a warning, so the '.OLD' key can be
::   left with permissions that differ from the original key; check any run
::   that logs "Failed to copy ACL".
:: NOTE(review): the payload runs from a temp file under -ExecutionPolicy
::   Bypass as a more privileged account; confirm the temp directory cannot be
::   written by less privileged processes between the write and the task start.
:: NOTE(review): Rename-KeyWithAcl is declared without [CmdletBinding()], so
::   the -ErrorAction Stop passed to it is presumably not bound as a common
::   parameter; the try/catch relies on the function's own throw statements.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{3213CD15-4DF2-415F-83F2-9FC58F3AEB3A}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{3522D7AF-4617-4237-AAD8-5860231FC9BA} as TrustedInstaller
:: Soft-deletes HKLM\Software\Classes\CLSID\{3522D7AF-4617-4237-AAD8-5860231FC9BA}.
:: One PowerShell command defines Invoke-AsTrustedInstaller and a payload
:: script ($cmd), then passes the payload to that function.
:: Invoke-AsTrustedInstaller: writes the payload to a temporary .ps1 file,
::   drops any existing task named "privacy.sexy invoke" (the dot is built from
::   [char]0x002E), registers it again and starts it with RunEx under the
::   account that SID S-1-5-80-956008885-... translates to (the TrustedInstaller
::   service SID). It polls LastTaskResult every 200 ms while it equals 267009,
::   stops waiting after 5 minutes, reports any non-zero result with
::   Write-Error, deletes the task, prints the captured output and removes both
::   temp files.
:: Payload: Rename-KeyTree appends '.OLD' to every value name that does not
::   already end in it, recurses into subkeys, then renames the key itself to
::   the first free '.OLD' path via Rename-KeyWithAcl (copy key, copy ACL
::   without the owner section, remove the original; if the removal fails the
::   copy is removed and the function throws). Counters ok/skip/fail feed the
::   summary, which throws only when every counted item failed.
:: NOTE(review): a failed ACL copy is only a warning, so the '.OLD' key can be
::   left with permissions that differ from the original key; check any run
::   that logs "Failed to copy ACL".
:: NOTE(review): the payload runs from a temp file under -ExecutionPolicy
::   Bypass as a more privileged account; confirm the temp directory cannot be
::   written by less privileged processes between the write and the task start.
:: NOTE(review): Rename-KeyWithAcl is declared without [CmdletBinding()], so
::   the -ErrorAction Stop passed to it is presumably not bound as a common
::   parameter; the try/catch relies on the function's own throw statements.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{3522D7AF-4617-4237-AAD8-5860231FC9BA}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{45F2C32F-ED16-4C94-8493-D72EF93A051B} as TrustedInstaller
:: Soft-deletes HKLM\Software\Classes\CLSID\{45F2C32F-ED16-4C94-8493-D72EF93A051B}.
:: One PowerShell command defines Invoke-AsTrustedInstaller and a payload
:: script ($cmd), then passes the payload to that function.
:: Invoke-AsTrustedInstaller: writes the payload to a temporary .ps1 file,
::   drops any existing task named "privacy.sexy invoke" (the dot is built from
::   [char]0x002E), registers it again and starts it with RunEx under the
::   account that SID S-1-5-80-956008885-... translates to (the TrustedInstaller
::   service SID). It polls LastTaskResult every 200 ms while it equals 267009,
::   stops waiting after 5 minutes, reports any non-zero result with
::   Write-Error, deletes the task, prints the captured output and removes both
::   temp files.
:: Payload: Rename-KeyTree appends '.OLD' to every value name that does not
::   already end in it, recurses into subkeys, then renames the key itself to
::   the first free '.OLD' path via Rename-KeyWithAcl (copy key, copy ACL
::   without the owner section, remove the original; if the removal fails the
::   copy is removed and the function throws). Counters ok/skip/fail feed the
::   summary, which throws only when every counted item failed.
:: NOTE(review): a failed ACL copy is only a warning, so the '.OLD' key can be
::   left with permissions that differ from the original key; check any run
::   that logs "Failed to copy ACL".
:: NOTE(review): the payload runs from a temp file under -ExecutionPolicy
::   Bypass as a more privileged account; confirm the temp directory cannot be
::   written by less privileged processes between the write and the task start.
:: NOTE(review): Rename-KeyWithAcl is declared without [CmdletBinding()], so
::   the -ErrorAction Stop passed to it is presumably not bound as a common
::   parameter; the try/catch relies on the function's own throw statements.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{45F2C32F-ED16-4C94-8493-D72EF93A051B}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{3886CA90-AB09-49D1-A047-7A62D096D275} as TrustedInstaller
:: Soft-deletes HKLM\Software\Classes\CLSID\{3886CA90-AB09-49D1-A047-7A62D096D275}.
:: One PowerShell command defines Invoke-AsTrustedInstaller and a payload
:: script ($cmd), then passes the payload to that function.
:: Invoke-AsTrustedInstaller: writes the payload to a temporary .ps1 file,
::   drops any existing task named "privacy.sexy invoke" (the dot is built from
::   [char]0x002E), registers it again and starts it with RunEx under the
::   account that SID S-1-5-80-956008885-... translates to (the TrustedInstaller
::   service SID). It polls LastTaskResult every 200 ms while it equals 267009,
::   stops waiting after 5 minutes, reports any non-zero result with
::   Write-Error, deletes the task, prints the captured output and removes both
::   temp files.
:: Payload: Rename-KeyTree appends '.OLD' to every value name that does not
::   already end in it, recurses into subkeys, then renames the key itself to
::   the first free '.OLD' path via Rename-KeyWithAcl (copy key, copy ACL
::   without the owner section, remove the original; if the removal fails the
::   copy is removed and the function throws). Counters ok/skip/fail feed the
::   summary, which throws only when every counted item failed.
:: NOTE(review): a failed ACL copy is only a warning, so the '.OLD' key can be
::   left with permissions that differ from the original key; check any run
::   that logs "Failed to copy ACL".
:: NOTE(review): the payload runs from a temp file under -ExecutionPolicy
::   Bypass as a more privileged account; confirm the temp directory cannot be
::   written by less privileged processes between the write and the task start.
:: NOTE(review): Rename-KeyWithAcl is declared without [CmdletBinding()], so
::   the -ErrorAction Stop passed to it is presumably not bound as a common
::   parameter; the try/catch relies on the function's own throw statements.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{3886CA90-AB09-49D1-A047-7A62D096D275}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{3CD3CA1E-2232-4BBF-A733-18B700409DA0} as TrustedInstaller
:: Soft-deletes one registry key tree. The inline PowerShell renames every value
:: and subkey under $rawPath, then the key itself, by appending the '.OLD' suffix.
:: Names that already end in '.OLD' are skipped, and a missing key is counted as skipped.
:: A key rename is done as copy, ACL copy without the Owner section, then removal of the original.
:: How it runs: Invoke-AsTrustedInstaller writes the $cmd text to a temporary .ps1 file,
:: registers a scheduled task named "privacy.sexy invoke" and starts it through the
:: Schedule.Service COM object as the account the hard-coded S-1-5-80 service SID
:: translates to, which is the well-known NT SERVICE\TrustedInstaller SID.
:: It polls LastTaskResult every 200 ms for up to 5 minutes while the value is 267009,
:: which is SCHED_S_TASK_RUNNING, 0x41301. Task output goes to a second temporary file and
:: is printed afterwards. The task and both temporary files are removed in the finally blocks.
:: NOTE(review): the .ps1 comes from New-TemporaryFile and is later executed with
:: -ExecutionPolicy Bypass by the task, so its integrity between write and run depends on
:: the temp directory ACL. Confirm that directory is not writable by less-privileged processes.
:: NOTE(review): a failed Copy-Acl only raises a warning and the original key is still removed,
:: so the '.OLD' copy may not carry the original ACL. Verify before relying on a rollback.
:: NOTE(review): on timeout the loop only breaks. The task is then deleted and the temp files
:: removed while the task may still be running. Confirm this is acceptable.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{3CD3CA1E-2232-4BBF-A733-18B700409DA0}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{5ffab5c8-9a36-4b65-9fc6-fb69f451f99c} as TrustedInstaller
:: The inline PowerShell renames every value and subkey under $rawPath, then the key
:: itself, by appending the '.OLD' suffix. Names that already end in '.OLD' are skipped,
:: and a missing key is counted as skipped.
:: A key rename is done as copy, ACL copy without the Owner section, then removal of the original.
:: How it runs: Invoke-AsTrustedInstaller writes the $cmd text to a temporary .ps1 file,
:: registers a scheduled task named "privacy.sexy invoke" and starts it through the
:: Schedule.Service COM object as the account the hard-coded S-1-5-80 service SID
:: translates to, which is the well-known NT SERVICE\TrustedInstaller SID.
:: It polls LastTaskResult every 200 ms for up to 5 minutes while the value is 267009,
:: which is SCHED_S_TASK_RUNNING, 0x41301. Task output goes to a second temporary file and
:: is printed afterwards. The task and both temporary files are removed in the finally blocks.
:: NOTE(review): the .ps1 comes from New-TemporaryFile and is later executed with
:: -ExecutionPolicy Bypass by the task, so its integrity between write and run depends on
:: the temp directory ACL. Confirm that directory is not writable by less-privileged processes.
:: NOTE(review): a failed Copy-Acl only raises a warning and the original key is still removed,
:: so the '.OLD' copy may not carry the original ACL. Verify before relying on a rollback.
:: NOTE(review): on timeout the loop only breaks. The task is then deleted and the temp files
:: removed while the task may still be running. Confirm this is acceptable.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{5ffab5c8-9a36-4b65-9fc6-fb69f451f99c}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{82345212-6ACA-4B38-8CD7-BF9DE8ED07BD} as TrustedInstaller
:: The inline PowerShell renames every value and subkey under $rawPath, then the key
:: itself, by appending the '.OLD' suffix. Names that already end in '.OLD' are skipped,
:: and a missing key is counted as skipped.
:: A key rename is done as copy, ACL copy without the Owner section, then removal of the original.
:: How it runs: Invoke-AsTrustedInstaller writes the $cmd text to a temporary .ps1 file,
:: registers a scheduled task named "privacy.sexy invoke" and starts it through the
:: Schedule.Service COM object as the account the hard-coded S-1-5-80 service SID
:: translates to, which is the well-known NT SERVICE\TrustedInstaller SID.
:: It polls LastTaskResult every 200 ms for up to 5 minutes while the value is 267009,
:: which is SCHED_S_TASK_RUNNING, 0x41301. Task output goes to a second temporary file and
:: is printed afterwards. The task and both temporary files are removed in the finally blocks.
:: NOTE(review): the .ps1 comes from New-TemporaryFile and is later executed with
:: -ExecutionPolicy Bypass by the task, so its integrity between write and run depends on
:: the temp directory ACL. Confirm that directory is not writable by less-privileged processes.
:: NOTE(review): a failed Copy-Acl only raises a warning and the original key is still removed,
:: so the '.OLD' copy may not carry the original ACL. Verify before relying on a rollback.
:: NOTE(review): on timeout the loop only breaks. The task is then deleted and the temp files
:: removed while the task may still be running. Confirm this is acceptable.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{82345212-6ACA-4B38-8CD7-BF9DE8ED07BD}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{849F5497-5C61-4023-8E10-A28F1A8C6A70} as TrustedInstaller
:: The inline PowerShell renames every value and subkey under $rawPath, then the key
:: itself, by appending the '.OLD' suffix. Names that already end in '.OLD' are skipped,
:: and a missing key is counted as skipped.
:: A key rename is done as copy, ACL copy without the Owner section, then removal of the original.
:: How it runs: Invoke-AsTrustedInstaller writes the $cmd text to a temporary .ps1 file,
:: registers a scheduled task named "privacy.sexy invoke" and starts it through the
:: Schedule.Service COM object as the account the hard-coded S-1-5-80 service SID
:: translates to, which is the well-known NT SERVICE\TrustedInstaller SID.
:: It polls LastTaskResult every 200 ms for up to 5 minutes while the value is 267009,
:: which is SCHED_S_TASK_RUNNING, 0x41301. Task output goes to a second temporary file and
:: is printed afterwards. The task and both temporary files are removed in the finally blocks.
:: NOTE(review): the .ps1 comes from New-TemporaryFile and is later executed with
:: -ExecutionPolicy Bypass by the task, so its integrity between write and run depends on
:: the temp directory ACL. Confirm that directory is not writable by less-privileged processes.
:: NOTE(review): a failed Copy-Acl only raises a warning and the original key is still removed,
:: so the '.OLD' copy may not carry the original ACL. Verify before relying on a rollback.
:: NOTE(review): on timeout the loop only breaks. The task is then deleted and the temp files
:: removed while the task may still be running. Confirm this is acceptable.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{849F5497-5C61-4023-8E10-A28F1A8C6A70}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{88866959-07B0-4ED8-8EF5-54BC7443D28C} as TrustedInstaller
:: The inline PowerShell renames every value and subkey under $rawPath, then the key
:: itself, by appending the '.OLD' suffix. Names that already end in '.OLD' are skipped,
:: and a missing key is counted as skipped.
:: A key rename is done as copy, ACL copy without the Owner section, then removal of the original.
:: How it runs: Invoke-AsTrustedInstaller writes the $cmd text to a temporary .ps1 file,
:: registers a scheduled task named "privacy.sexy invoke" and starts it through the
:: Schedule.Service COM object as the account the hard-coded S-1-5-80 service SID
:: translates to, which is the well-known NT SERVICE\TrustedInstaller SID.
:: It polls LastTaskResult every 200 ms for up to 5 minutes while the value is 267009,
:: which is SCHED_S_TASK_RUNNING, 0x41301. Task output goes to a second temporary file and
:: is printed afterwards. The task and both temporary files are removed in the finally blocks.
:: NOTE(review): the .ps1 comes from New-TemporaryFile and is later executed with
:: -ExecutionPolicy Bypass by the task, so its integrity between write and run depends on
:: the temp directory ACL. Confirm that directory is not writable by less-privileged processes.
:: NOTE(review): a failed Copy-Acl only raises a warning and the original key is still removed,
:: so the '.OLD' copy may not carry the original ACL. Verify before relying on a rollback.
:: NOTE(review): on timeout the loop only breaks. The task is then deleted and the temp files
:: removed while the task may still be running. Confirm this is acceptable.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{88866959-07B0-4ED8-8EF5-54BC7443D28C}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
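:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{8E67B5C5-BAD3-4263-9F80-F769D50884F7} as TrustedInstaller
:: "Soft-delete" here means rename, not erase: every value and subkey under the key gets the
:: suffix ".OLD", then the key itself is copied to KEY.OLD (another ".OLD" is appended while
:: that name is already taken) and the original key is removed.
:: Value and key names that already end in ".OLD" are skipped, so a second run does not rename them again.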
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{8E67B5C5-BAD3-4263-9F80-F769D50884F7}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
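:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{C8DFF91D-B243-4797-BAE6-C461B65EDED3} as TrustedInstaller
:: How the elevation works: the inner script is written to a temporary .ps1 file, a scheduled
:: task named "privacy.sexy invoke" is registered and started under the TrustedInstaller account
:: with -ExecutionPolicy Bypass, and the task and both temp files are deleted afterwards.
:: Review note: New-TemporaryFile uses the calling user's temp folder, so the permissions on that
:: folder decide who can alter the file before TrustedInstaller runs it.
:: Expect the short-lived task and a powershell.exe started by Task Scheduler in task and process logs.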
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{C8DFF91D-B243-4797-BAE6-C461B65EDED3}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
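:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{DBF393FC-230C-46CC-8A85-E9C599A81EFB} as TrustedInstaller
:: Permissions: after the key is copied to its .OLD name, the original security descriptor
:: (every section except Owner) is applied to the copy, subkeys first.
:: If that step fails the script only prints "Failed to copy ACL" and still removes the original,
:: so check the permissions on the .OLD key whenever that warning appears in the output.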
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{DBF393FC-230C-46CC-8A85-E9C599A81EFB}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
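:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{E041C90B-68BA-42C9-991E-477B73A75C90} as TrustedInstaller
:: Outcome: the wrapper polls the scheduled task for up to 5 minutes (task result 267009 is
:: treated as "still running"), prints the output the task wrote to a temp file, and reports a
:: non-zero task result with Write-Error.
:: Read the "Total items, Renamed, Skipped, Failed" summary line to see what actually changed;
:: the inner script throws only when every item failed.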
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{E041C90B-68BA-42C9-991E-477B73A75C90}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{E476E4C0-409C-43CD-BBC0-5905B4138494} as TrustedInstaller
:: How this command works: Invoke-AsTrustedInstaller writes the script held in $cmd to a temporary .ps1 file,
:: registers a scheduled task named "privacy.sexy invoke" and starts it with RunEx under the account that
:: SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to.
:: It polls LastTaskResult every 200 ms while the value is 267009, stops waiting after 5 minutes, prints the
:: captured output, and removes the task and both temporary files in its finally blocks.
:: The script in $cmd deletes nothing: under HKLM\Software\Classes\CLSID\{E476E4C0-409C-43CD-BBC0-5905B4138494}
:: it renames each value, then each subkey, then the key itself by appending ".OLD".
:: A key rename is: copy the key, copy its ACL without the owner section, then remove the original.
:: NOTE(review): 267009 looks like the Task Scheduler "task is currently running" status; confirm.
:: NOTE(review): the .ps1 runs with -ExecutionPolicy Bypass as the task principal; confirm the temp directory
:: it is written to cannot be modified by less-privileged processes before the task starts.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{E476E4C0-409C-43CD-BBC0-5905B4138494}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{08728914-3F57-4D52-9E31-49DAECA5A80A} as TrustedInstaller
:: How this command works: Invoke-AsTrustedInstaller writes the script held in $cmd to a temporary .ps1 file,
:: registers a scheduled task named "privacy.sexy invoke" and starts it with RunEx under the account that
:: SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to.
:: It polls LastTaskResult every 200 ms while the value is 267009, stops waiting after 5 minutes, prints the
:: captured output, and removes the task and both temporary files in its finally blocks.
:: The script in $cmd deletes nothing: under HKLM\Software\Classes\CLSID\{08728914-3F57-4D52-9E31-49DAECA5A80A}
:: it renames each value, then each subkey, then the key itself by appending ".OLD".
:: A key rename is: copy the key, copy its ACL without the owner section, then remove the original.
:: NOTE(review): 267009 looks like the Task Scheduler "task is currently running" status; confirm.
:: NOTE(review): the .ps1 runs with -ExecutionPolicy Bypass as the task principal; confirm the temp directory
:: it is written to cannot be modified by less-privileged processes before the task starts.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{08728914-3F57-4D52-9E31-49DAECA5A80A}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\AppID\{37096FBE-2F09-4FF6-8507-C6E4E1179893} as TrustedInstaller
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: Version gate: the command exits with "Skipping" when the OS version (major.minor.build) is greater than
:: 10.0.19045, the build that the switch maps to 'Windows10-MostRecent'.
:: Otherwise Invoke-AsTrustedInstaller writes the script held in $cmd to a temporary .ps1 file, registers a
:: scheduled task named "privacy.sexy invoke" and starts it with RunEx under the account that
:: SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to.
:: It polls LastTaskResult every 200 ms while the value is 267009, stops waiting after 5 minutes, prints the
:: captured output, and removes the task and both temporary files in its finally blocks.
:: The script in $cmd deletes nothing: under HKLM\Software\Classes\AppID\{37096FBE-2F09-4FF6-8507-C6E4E1179893}
:: it renames each value, then each subkey, then the key itself by appending ".OLD".
:: A key rename is: copy the key, copy its ACL without the owner section, then remove the original.
:: NOTE(review): 267009 looks like the Task Scheduler "task is currently running" status; confirm.
:: NOTE(review): the .ps1 runs with -ExecutionPolicy Bypass as the task principal; confirm the temp directory
:: it is written to cannot be modified by less-privileged processes before the task starts.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | 
Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'     
   try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\AppID\{37096FBE-2F09-4FF6-8507-C6E4E1179893}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. 
All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\AppId\{37096FBE-2F09-4FF6-8507-C6E4E1179893} as TrustedInstaller
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: Version gate: the command exits with "Skipping" when the OS version (major.minor.build) is greater than
:: 10.0.19045, the build that the switch maps to 'Windows10-MostRecent'.
:: Otherwise Invoke-AsTrustedInstaller writes the script held in $cmd to a temporary .ps1 file, registers a
:: scheduled task named "privacy.sexy invoke" and starts it with RunEx under the account that
:: SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to.
:: It polls LastTaskResult every 200 ms while the value is 267009, stops waiting after 5 minutes, prints the
:: captured output, and removes the task and both temporary files in its finally blocks.
:: The script in $cmd deletes nothing: under
:: HKLM\SOFTWARE\Classes\WOW6432Node\AppId\{37096FBE-2F09-4FF6-8507-C6E4E1179893}
:: it renames each value, then each subkey, then the key itself by appending ".OLD".
:: A key rename is: copy the key, copy its ACL without the owner section, then remove the original.
:: NOTE(review): 267009 looks like the Task Scheduler "task is currently running" status; confirm.
:: NOTE(review): the .ps1 runs with -ExecutionPolicy Bypass as the task principal; confirm the temp directory
:: it is written to cannot be modified by less-privileged processes before the task starts.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | 
Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'     
   try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\AppId\{37096FBE-2F09-4FF6-8507-C6E4E1179893}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. 
All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\AppID\{7E55A26D-EF95-4A45-9F55-21E52ADF9887} as TrustedInstaller
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: Version gate: the command exits with "Skipping" when the OS version (major.minor.build) is greater than
:: 10.0.19045, the build that the switch maps to 'Windows10-MostRecent'.
:: Otherwise Invoke-AsTrustedInstaller writes the script held in $cmd to a temporary .ps1 file, registers a
:: scheduled task named "privacy.sexy invoke" and starts it with RunEx under the account that
:: SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to.
:: It polls LastTaskResult every 200 ms while the value is 267009, stops waiting after 5 minutes, prints the
:: captured output, and removes the task and both temporary files in its finally blocks.
:: The script in $cmd deletes nothing: under HKLM\Software\Classes\AppID\{7E55A26D-EF95-4A45-9F55-21E52ADF9887}
:: it renames each value, then each subkey, then the key itself by appending ".OLD".
:: A key rename is: copy the key, copy its ACL without the owner section, then remove the original.
:: NOTE(review): 267009 looks like the Task Scheduler "task is currently running" status; confirm.
:: NOTE(review): the .ps1 runs with -ExecutionPolicy Bypass as the task principal; confirm the temp directory
:: it is written to cannot be modified by less-privileged processes before the task starts.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | 
Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'     
   try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\AppID\{7E55A26D-EF95-4A45-9F55-21E52ADF9887}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. 
All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
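:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\AppId\{7E55A26D-EF95-4A45-9F55-21E52ADF9887} as TrustedInstaller
:: "Soft-delete" here means rename, not removal: the command below appends ".OLD" to every value name
:: and to each key (it copies the key, copies its ACL without the owner section, then removes the original),
:: so the data stays in the registry under the ".OLD" names.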
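:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: In the command below, Windows10-MostRecent maps to build 10.0.19045; on any newer build the command
:: prints "Skipping: ..." and exits with code 0 without touching the registry.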
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | 
Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'     
   try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\AppId\{7E55A26D-EF95-4A45-9F55-21E52ADF9887}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. 
All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
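:: Soft-delete the registry key: HKLM\Software\Classes\AppID\{4fe95d37-3459-4ecc-ac3e-f7abbe4e8aed} as TrustedInstaller
:: "As TrustedInstaller": the command writes the script to a temporary .ps1 file, registers a scheduled task
:: named "privacy.sexy invoke" that runs it with -ExecutionPolicy Bypass, and starts the task under
:: SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 (translated to an account name at run time).
:: It polls for up to 5 minutes, then deletes the task and the temporary files.
:: Where scheduled-task auditing is enabled, the task creation and deletion are recorded (Security events 4698/4699).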
:: This operation will not run on Windows versions later than Windows10-MostRecent.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | 
Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'     
   try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\AppID\{4fe95d37-3459-4ecc-ac3e-f7abbe4e8aed}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. 
All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
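:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\AppId\{4fe95d37-3459-4ecc-ac3e-f7abbe4e8aed} as TrustedInstaller
:: If copying the ACL to the ".OLD" key fails, the command only logs a warning and still removes the original key,
:: so the renamed key may not carry the original permissions; check the ".OLD" key's ACL after a warning.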
:: This operation will not run on Windows versions later than Windows10-MostRecent.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | 
Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'     
   try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\AppId\{4fe95d37-3459-4ecc-ac3e-f7abbe4e8aed}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. 
All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Disable Windows Security service-------------
:: ----------------------------------------------------------
echo --- Disable Windows Security service
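:: Disable the service `wscsvc` using TrustedInstaller privileges
:: The command stops the service if it is running, then sets Start=4 (disabled) under
:: HKLM\SYSTEM\CurrentControlSet\Services\wscsvc so the service does not start on the next boot.
:: wscsvc is the Windows Security Center service; endpoint monitoring commonly classifies this Start-value
:: change as defense impairment (MITRE ATT&CK T1562.001), so it is likely to be flagged on managed hosts.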
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$serviceQuery = ''wscsvc'''+"^""`r`n"^""+'$stopWithDependencies= $false'+"^""`r`n"^""+'<# -- 1. 
Skip if service does not exist #>'+"^""`r`n"^""+'$service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue'+"^""`r`n"^""+'if(!$service) {'+"^""`r`n"^""+'    Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$serviceName = $service.Name'+"^""`r`n"^""+'Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'<# -- 2. Stop if running #>'+"^""`r`n"^""+'if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'        $stopParams = @{ `'+"^""`r`n"^""+'            Name = $ServiceName'+"^""`r`n"^""+'            Force = $true'+"^""`r`n"^""+'            ErrorAction = ''Stop'''+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        if (-not $stopWithDependencies) {'+"^""`r`n"^""+'            $stopParams[''NoWait''] = $true'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Stop-Service @stopParams'+"^""`r`n"^""+'        Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        if ($_.FullyQualifiedErrorId -eq ''CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand'') {'+"^""`r`n"^""+'            Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""'+"^""`r`n"^""+'        } else {'+"^""`r`n"^""+'            Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 3. 
Skip if service info is not found in registry #>'+"^""`r`n"^""+'$registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""'+"^""`r`n"^""+'if (-Not (Test-Path $registryKey)) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 4. Skip if already disabled #>'+"^""`r`n"^""+'if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 5. Disable service #>'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Set-ItemProperty `'+"^""`r`n"^""+'        -LiteralPath $registryKey `'+"^""`r`n"^""+'        -Name "^""Start"^"" `'+"^""`r`n"^""+'        -Value 4 `'+"^""`r`n"^""+'        -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host ''Successfully disabled the service. It will not start automatically on next boot.'''+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'    Exit 1'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\wscsvc.dll" with additional permissions 
:: Renames %SYSTEMROOT%\System32\wscsvc.dll to wscsvc.dll.OLD ("soft delete") instead of removing it.
:: What the one-liner below does, in order:
::   1. Compiles the C# helper class Privileges and enables SeRestorePrivilege and SeTakeOwnershipPrivilege
::      on the current process token.
::   2. Resolves the pattern with Get-Item; an ItemNotFoundException is swallowed and the command then prints
::      "Skipping, no items available." and exits 0.
::   3. Per file: saves the current ACL, sets the owner to the account behind S-1-5-32-544 (BUILTIN\Administrators),
::      adds a FullControl allow rule, renames the file, then re-applies the saved ACL to the renamed file
::      (or to the original path when the rename failed).
::   4. Prints the renamed / skipped / failed counters and clears both privileges again.
:: Folders and files that already end in .OLD are skipped. $revert is never assigned inside this command,
:: so the revert branches are not taken here.
:: NOTE(review): AddPrivilege/RemovePrivilege overwrite retVal after each Win32 call, so only the result of
:: AdjustTokenPrivileges is returned, the callers drop it with Out-Null, and the handle from OpenProcessToken
:: is never closed. A privilege that could not be enabled is therefore not reported.
:: NOTE(review): the "not found" branch inside the loop calls "exit 0" rather than "continue"; it ends the whole
:: command before the summary and before RemovePrivilege runs.
:: Security impact: this takes ownership of and renames a protected System32 binary that belongs to the
:: Windows Security Center service, which weakens the host's built-in security reporting. For monitoring,
:: an owner change on a System32 DLL followed by a rename to *.OLD is the footprint this step leaves.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\wscsvc.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable Windows Security service integrations-------
:: ----------------------------------------------------------
:: Console progress marker for the "Disable Windows Security service integrations" section; it changes no system state.
echo --- Disable Windows Security service integrations
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\SecurityCenterBrokerPS.dll"  
:: Renames %SYSTEMROOT%\System32\SecurityCenterBrokerPS.dll to SecurityCenterBrokerPS.dll.OLD ("soft delete").
:: This variant makes no ownership, ACL or privilege change: it resolves the pattern with Get-Item, skips folders
:: and files that already end in .OLD, and calls Move-Item -Force under the rights the elevated script already has.
:: A missing file is not an error ("Skipping, no items available.", exit 0). Rename failures are counted and
:: reported with Write-Error plus a final Write-Warning.
:: $revert is never assigned inside this command, so the revert branches are not taken here.
:: NOTE(review): the "not found" branch inside the loop calls "exit 0" rather than "continue"; it ends the command
:: before any remaining match is processed and before the summary is printed.
:: Security impact: the renamed DLL is part of the Windows Security integration this section disables; for
:: monitoring, a System32 DLL renamed to *.OLD by an elevated PowerShell process is the footprint this step leaves.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\SecurityCenterBrokerPS.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host 
"^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{B529B7F5-76AA-431F-AD7F-1272FEEDFF07} as TrustedInstaller
:: Soft-deletes HKLM\SOFTWARE\Classes\Interface\{B529B7F5-76AA-431F-AD7F-1272FEEDFF07}: each value, each subkey and
:: finally the key itself is renamed with a ".OLD" suffix instead of being removed.
:: Invoke-AsTrustedInstaller writes the $cmd script to a temporary .ps1, deletes any stale task, registers the
:: scheduled task "privacy.sexy invoke", starts it through the Schedule.Service COM object as the account behind
:: SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 (TrustedInstaller), polls LastTaskResult
:: while it equals 267009 (task still running) for at most 5 minutes, prints the captured output, and deletes the
:: task and both temporary files in its finally blocks.
:: Inside $cmd: Rename-KeyTree renames values first, recurses into subkeys, then renames the key; Rename-KeyWithAcl
:: is Copy-Item + Copy-Acl (all ACL sections except Owner) + Remove-Item, and removes the new copy again when the
:: old key cannot be deleted. The script throws only when every item failed.
:: NOTE(review): the .ps1 is created with New-TemporaryFile in the caller's temp directory and later executed as
:: TrustedInstaller with -ExecutionPolicy Bypass. Anything that can write to that path between the write and the
:: task start controls code run with TrustedInstaller rights; a directory writable only by administrators would
:: close that window.
:: NOTE(review): both temp paths are embedded in single quotes in the task command line, so a path containing an
:: apostrophe would break the quoting.
:: NOTE(review): Rename-KeyWithAcl is a plain function, so the "-ErrorAction Stop" passed to it is presumably not
:: treated as a common parameter; confirm it has the intended effect.
:: Detection: creation and removal of a task named "privacy.sexy invoke" whose action is powershell.exe with
:: -ExecutionPolicy Bypass, followed by registry keys renamed to *.OLD, is the footprint this step leaves.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{B529B7F5-76AA-431F-AD7F-1272FEEDFF07}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{B529B7F5-76AA-431F-AD7F-1272FEEDFF07} as TrustedInstaller
:: Soft-deletes HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{B529B7F5-76AA-431F-AD7F-1272FEEDFF07}: each value,
:: each subkey and finally the key itself is renamed with a ".OLD" suffix instead of being removed.
:: Invoke-AsTrustedInstaller writes the $cmd script to a temporary .ps1, registers the scheduled task
:: "privacy.sexy invoke", starts it as the account behind SID
:: S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 (TrustedInstaller), polls LastTaskResult while
:: it equals 267009 (task still running) for at most 5 minutes, prints the captured output, and deletes the task
:: and both temporary files in its finally blocks.
:: Inside $cmd: Rename-KeyWithAcl is Copy-Item + Copy-Acl (all ACL sections except Owner) + Remove-Item; the
:: script throws only when every item failed.
:: NOTE(review): the .ps1 lives in the caller's temp directory until the task runs it as TrustedInstaller with
:: -ExecutionPolicy Bypass; anything that can write to that path in between controls code run with those rights.
:: NOTE(review): both temp paths are embedded in single quotes in the task command line, so a path containing an
:: apostrophe would break the quoting.
:: Detection: a task named "privacy.sexy invoke" running powershell.exe with -ExecutionPolicy Bypass, followed by
:: registry keys renamed to *.OLD, is the footprint this step leaves.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{B529B7F5-76AA-431F-AD7F-1272FEEDFF07}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{2A23AE77-9BFC-4B7B-8520-2D7B3E4A40B6} as TrustedInstaller
:: Soft-deletes HKLM\SOFTWARE\Classes\Interface\{2A23AE77-9BFC-4B7B-8520-2D7B3E4A40B6}: each value, each subkey and
:: finally the key itself is renamed with a ".OLD" suffix instead of being removed.
:: Invoke-AsTrustedInstaller writes the $cmd script to a temporary .ps1, registers the scheduled task
:: "privacy.sexy invoke", starts it as the account behind SID
:: S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 (TrustedInstaller), polls LastTaskResult while
:: it equals 267009 (task still running) for at most 5 minutes, prints the captured output, and deletes the task
:: and both temporary files in its finally blocks.
:: Inside $cmd: Rename-KeyWithAcl is Copy-Item + Copy-Acl (all ACL sections except Owner) + Remove-Item; the
:: script throws only when every item failed.
:: NOTE(review): the .ps1 lives in the caller's temp directory until the task runs it as TrustedInstaller with
:: -ExecutionPolicy Bypass; anything that can write to that path in between controls code run with those rights.
:: NOTE(review): both temp paths are embedded in single quotes in the task command line, so a path containing an
:: apostrophe would break the quoting.
:: Detection: a task named "privacy.sexy invoke" running powershell.exe with -ExecutionPolicy Bypass, followed by
:: registry keys renamed to *.OLD, is the footprint this step leaves.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{2A23AE77-9BFC-4B7B-8520-2D7B3E4A40B6}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{2A23AE77-9BFC-4B7B-8520-2D7B3E4A40B6} as TrustedInstaller
:: What the PowerShell one-liner below does, in order:
::   1. Invoke-AsTrustedInstaller writes the payload held in $cmd to a temporary .ps1 file, registers a
::      scheduled task named "privacy.sexy invoke" and starts it through Schedule.Service RunEx under the
::      account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to
::      (the NT SERVICE\TrustedInstaller service SID).
::   2. It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, task still running),
::      stops waiting after 5 minutes, reports any non-zero result with Write-Error, deletes the task,
::      prints the captured output file and removes both temporary files.
::   3. The payload renames each value under the key to NAME.OLD unless it already ends in .OLD,
::      recurses into subkeys, then copies the key to PATH.OLD (appending .OLD again while that path
::      exists), copies the ACL without its owner section, and removes the original key.
:: NOTE(review): the payload is staged in the invoking user's temp directory and then executed with
::   -ExecutionPolicy Bypass under the service account. Confirm that nothing less privileged than this
::   elevated shell can modify that file between the write and the task start.
:: NOTE(review): a Copy-Acl failure is only a warning and the original key is still removed afterwards,
::   so the .OLD copy can end up without the original permissions. Check the warnings in the output.
:: NOTE(review): on timeout the loop only breaks; the task and the temp files are then deleted while the
::   payload may still be running. Verify the state of the key after a "Skipping: Timeout" message.
:: NOTE(review): Rename-KeyWithAcl is a plain function, so the -ErrorAction Stop passed to it presumably
::   has no effect; its own throw statements are what reach the caller's catch.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{2A23AE77-9BFC-4B7B-8520-2D7B3E4A40B6}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{17966E44-DA6F-4AA9-B30E-5D4CCA5F5933} as TrustedInstaller
:: The one-liner below has two parts: a launcher (Invoke-AsTrustedInstaller) and a payload ($cmd).
:: Launcher: saves $cmd to a temporary .ps1 file, registers the scheduled task "privacy.sexy invoke",
::   and runs it with Schedule.Service RunEx as the account behind SID
::   S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 (NT SERVICE\TrustedInstaller).
::   It waits in 200 ms steps while LastTaskResult is 267009 (0x41301, still running), for at most
::   5 minutes, writes an error for any non-zero result, deletes the task, echoes the captured output
::   and removes the two temporary files.
:: Payload: walks the key in $rawPath. Values not already ending in .OLD are renamed to NAME.OLD,
::   subkeys are processed recursively, and each key is then copied to PATH.OLD (more .OLD is appended
::   while the target exists), given the source ACL minus the owner section, and the original removed.
::   The counters ok, skip and fail drive the summary; the payload throws only when every item failed.
:: NOTE(review): the .ps1 lives in the invoking user's temp directory and is run with -ExecutionPolicy
::   Bypass by the service account. Confirm that location is not writable by lower-privileged code
::   between Out-File and RunEx.
:: NOTE(review): Rename-KeyWithAcl downgrades a Copy-Acl failure to a warning and still removes the
::   original key, so permissions on the .OLD copy should be verified when that warning appears.
:: NOTE(review): after a timeout the task is deleted and the temp files removed without waiting for
::   the payload. Presumably the key can be left partly renamed in that case; confirm before relying on it.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{17966E44-DA6F-4AA9-B30E-5D4CCA5F5933}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{17966E44-DA6F-4AA9-B30E-5D4CCA5F5933} as TrustedInstaller
:: Runs a registry soft-delete payload under the TrustedInstaller service account.
:: Launcher (Invoke-AsTrustedInstaller):
::   - creates two temp files: the payload script (renamed to .ps1) and a file that captures its output;
::   - registers the scheduled task "privacy.sexy invoke" whose action runs powershell.exe with
::     -ExecutionPolicy Bypass on that script, and starts it with RunEx as the account resolved from
::     SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464;
::   - polls LastTaskResult while it equals 267009 (0x41301, task running) with a 5 minute limit;
::   - always deletes the task, prints the captured output and removes the temp files.
:: Payload ($cmd):
::   - converts $rawPath to a provider path by inserting a colon after the hive name;
::   - Rename-KeyTree renames values to NAME.OLD, recurses into subkeys, then moves the key itself to
::     PATH.OLD through Rename-KeyWithAcl (copy, copy ACL without owner, remove original);
::   - a key or value whose name already ends in .OLD is counted as skipped.
:: NOTE(review): the script that the service account executes is staged in the invoking user's temp
::   directory. Confirm no lower-privileged process can alter it between the write and the task start.
:: NOTE(review): if the original key cannot be removed, the code tries to remove the new .OLD copy and
::   rethrows; values renamed earlier in the same key are not renamed back, so a failure can leave the
::   key partly modified.
:: NOTE(review): the ACL copy is best effort (warning only); audit permissions on the .OLD keys if
::   "Failed to copy ACL" appears in the output.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{17966E44-DA6F-4AA9-B30E-5D4CCA5F5933}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{CBBC9C52-0741-4E3C-8E87-711722F8740D} as TrustedInstaller
:: Soft-delete of one registry key, executed through a temporary scheduled task.
:: Flow of the one-liner below:
::   1. $cmd is built as a multi-line PowerShell script (the lines are joined with CR LF).
::   2. Invoke-AsTrustedInstaller writes it to a temp .ps1 file, registers the task
::      "privacy.sexy invoke" and starts it with RunEx as the account for SID
::      S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 (NT SERVICE\TrustedInstaller).
::   3. The caller waits while LastTaskResult is 267009 (0x41301, still running), at most 5 minutes,
::      then reports a non-zero result, deletes the task, prints the output file and removes the temp files.
::   4. Inside the task, values and subkeys of $rawPath are renamed with the .OLD suffix and the key
::      itself is copied to PATH.OLD, its ACL copied without the owner section, and the original removed.
:: NOTE(review): the result check reads LastTaskResult only. A payload that throws is expected to
::   surface as a non-zero code, but confirm that against the captured output rather than assuming it.
:: NOTE(review): the staged .ps1 is in the invoking user's temp directory and runs with
::   -ExecutionPolicy Bypass as the service account. Confirm it cannot be modified by less-privileged
::   code before the task starts.
:: NOTE(review): Copy-Acl errors are reduced to a warning and the original key is removed anyway, so
::   the .OLD copy may not carry the original permissions.
:: NOTE(review): the task name is fixed and any existing task with that name is deleted first, so two
::   copies of this script running at once would presumably interfere with each other.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{CBBC9C52-0741-4E3C-8E87-711722F8740D}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{CBBC9C52-0741-4E3C-8E87-711722F8740D} as TrustedInstaller
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{CBBC9C52-0741-4E3C-8E87-711722F8740D}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{642D1BFD-FD78-488D-8E3B-AEB1195FE4DE} as TrustedInstaller
:: The wrapped rows below are one cmd statement. What it does:
::   1. Invoke-AsTrustedInstaller writes the payload held in $cmd to a temporary .ps1 file,
::      deletes any existing task named "privacy.sexy invoke", registers it again and starts
::      it through the Schedule.Service COM object under the account that the service SID
::      S-1-5-80-956008885-... translates to (TrustedInstaller).
::   2. It polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task still
::      running), gives up after 5 minutes, prints the captured output, then deletes the
::      task and both temp files.
::   3. The payload renames each value, each subkey and finally the key itself by appending
::      .OLD (appended again while the target key name exists). A key is renamed by copy,
::      ACL copy of every section except Owner, then removal of the original.
:: NOTE(review): a failed ACL copy only raises a warning, so the .OLD copy can keep whatever
::   permissions Copy-Item produced; confirm that is acceptable for this key.
:: NOTE(review): on timeout the loop breaks with LastTaskResult still 267009, which is then
::   reported as a failure, and the script file is removed in the finally block; whether the
::   task instance has stopped by then is not visible here.
:: NOTE(review): the payload runs from a temp file with -ExecutionPolicy Bypass at
::   TrustedInstaller level; the temp directory should be writable only by the elevated user.
:: Rollback: the data is kept under the .OLD names, so renaming back restores the key.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{642D1BFD-FD78-488D-8E3B-AEB1195FE4DE}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{642D1BFD-FD78-488D-8E3B-AEB1195FE4DE} as TrustedInstaller
:: The wrapped rows below are one cmd statement. The target key sits under WOW6432Node,
:: the 32-bit registry view on 64-bit Windows. What the statement does:
::   1. Invoke-AsTrustedInstaller saves the payload in $cmd as a temporary .ps1 file, removes
::      any leftover task named "privacy.sexy invoke", registers the task and runs it via the
::      Schedule.Service COM object as the account behind service SID S-1-5-80-956008885-...
::      (TrustedInstaller).
::   2. While LastTaskResult is 267009 (0x41301, task still running) it sleeps 200 ms per
::      round, stops waiting after 5 minutes, prints the captured output and then deletes
::      the task and both temp files.
::   3. The payload appends .OLD to each value, each subkey and finally the key itself
::      (appending again while the target key name exists). Keys are renamed by copy, ACL
::      copy of every section except Owner, then removal of the original.
:: NOTE(review): Copy-Acl failures are downgraded to a warning, so the renamed key may end
::   up with the permissions Copy-Item gave it; verify before relying on the original ACL.
:: NOTE(review): after a timeout LastTaskResult is still 267009, so the run is reported as
::   failed and the script file is deleted in finally; it is not visible here whether the
::   task instance has ended by then.
:: NOTE(review): a temp file is executed with -ExecutionPolicy Bypass at TrustedInstaller
::   level; the temp directory should not be writable by lower-privileged accounts.
:: Rollback: the data stays under the .OLD names and can be renamed back.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{642D1BFD-FD78-488D-8E3B-AEB1195FE4DE}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{0A4B1BED-FD27-4932-9094-F0738284DEB4} as TrustedInstaller
:: The wrapped rows below are one cmd statement. What it does:
::   1. Invoke-AsTrustedInstaller writes the payload held in $cmd to a temporary .ps1 file,
::      deletes any existing task named "privacy.sexy invoke", registers it again and starts
::      it through the Schedule.Service COM object under the account that the service SID
::      S-1-5-80-956008885-... translates to (TrustedInstaller).
::   2. It polls LastTaskResult every 200 ms while it equals 267009 (0x41301, task still
::      running), gives up after 5 minutes, prints the captured output, then deletes the
::      task and both temp files.
::   3. The payload renames each value, each subkey and finally the key itself by appending
::      .OLD (appended again while the target key name exists). A key is renamed by copy,
::      ACL copy of every section except Owner, then removal of the original.
:: NOTE(review): the summary at the end throws only when every item failed; a partial
::   failure is reported through warnings and the counters, so read the output.
:: NOTE(review): a failed ACL copy only raises a warning, so the .OLD copy can keep whatever
::   permissions Copy-Item produced; confirm that is acceptable for this key.
:: NOTE(review): the payload runs from a temp file with -ExecutionPolicy Bypass at
::   TrustedInstaller level; the temp directory should be writable only by the elevated user.
:: Rollback: the data is kept under the .OLD names, so renaming back restores the key.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{0A4B1BED-FD27-4932-9094-F0738284DEB4}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{0A4B1BED-FD27-4932-9094-F0738284DEB4} as TrustedInstaller
:: The wrapped rows below are one cmd statement. The target key sits under WOW6432Node,
:: the 32-bit registry view on 64-bit Windows. What the statement does:
::   1. Invoke-AsTrustedInstaller saves the payload in $cmd as a temporary .ps1 file, removes
::      any leftover task named "privacy.sexy invoke", registers the task and runs it via the
::      Schedule.Service COM object as the account behind service SID S-1-5-80-956008885-...
::      (TrustedInstaller).
::   2. While LastTaskResult is 267009 (0x41301, task still running) it sleeps 200 ms per
::      round, stops waiting after 5 minutes, prints the captured output and then deletes
::      the task and both temp files.
::   3. The payload appends .OLD to each value, each subkey and finally the key itself
::      (appending again while the target key name exists). Keys are renamed by copy, ACL
::      copy of every section except Owner, then removal of the original.
:: NOTE(review): the closing summary throws only when every item failed; partial failures
::   show up as warnings and in the counters, so the output needs to be read.
:: NOTE(review): Copy-Acl failures are downgraded to a warning, so the renamed key may end
::   up with the permissions Copy-Item gave it; verify before relying on the original ACL.
:: NOTE(review): a temp file is executed with -ExecutionPolicy Bypass at TrustedInstaller
::   level; the temp directory should not be writable by lower-privileged accounts.
:: Rollback: the data stays under the .OLD names and can be renamed back.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{0A4B1BED-FD27-4932-9094-F0738284DEB4}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
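:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{E8CE0994-D686-46F8-A719-9EB1436EC690} as TrustedInstaller
:: "Soft-delete" means rename, not erase: each value and subkey under the key, and then the key itself, gets a ".OLD" suffix.
:: The rename runs in a temporary scheduled task named "privacy.sexy invoke", started as the TrustedInstaller service account.
:: The task and its temporary script and output files are removed afterwards.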
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{E8CE0994-D686-46F8-A719-9EB1436EC690}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
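:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{E8CE0994-D686-46F8-A719-9EB1436EC690} as TrustedInstaller
:: Same interface ID under WOW6432Node (the 32-bit registry view).
:: "Soft-delete" means values, subkeys and the key itself are renamed with a ".OLD" suffix rather than erased.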
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{E8CE0994-D686-46F8-A719-9EB1436EC690}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
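:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{96AC500C-AED4-561D-BDE8-953520343A2D} as TrustedInstaller
:: "Soft-delete" means values, subkeys and the key itself are renamed with a ".OLD" suffix rather than erased.
:: A key is renamed by copying it, copying its ACL without the owner section, then removing the original.
:: A failed ACL copy is only reported as a warning, so the ".OLD" key may carry different permissions than the original.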
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{96AC500C-AED4-561D-BDE8-953520343A2D}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
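:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{96AC500C-AED4-561D-BDE8-953520343A2D} as TrustedInstaller
:: Same interface ID under WOW6432Node (the 32-bit registry view).
:: "Soft-delete" means values, subkeys and the key itself are renamed with a ".OLD" suffix rather than erased.
:: The inner script throws only when every item fails; partial failures appear as warnings and in the printed totals.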
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{96AC500C-AED4-561D-BDE8-953520343A2D}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
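:: Soft-delete the registry key: HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.SecurityCenter.WscBrokerManager as TrustedInstaller
:: Judging by its name, this is a Windows Runtime class registration belonging to Windows Security Center.
:: "Soft-delete" means values, subkeys and the key itself are renamed with a ".OLD" suffix rather than erased.
:: The rename runs in a temporary scheduled task named "privacy.sexy invoke", started as the TrustedInstaller service account.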
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.SecurityCenter.WscBrokerManager'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host 
"^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to 
''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.SecurityCenter.WscCloudBackupProvider as TrustedInstaller
:: How this one-line command works (target: ...\ActivatableClassId\Windows.SecurityCenter.WscCloudBackupProvider):
::   - Invoke-AsTrustedInstaller saves the script text held in $cmd to a temporary .ps1 file, registers a
::     scheduled task named "privacy.sexy invoke" and starts it through the Schedule.Service COM object
::     as the account that the hard-coded service SID translates to (TrustedInstaller).
::   - It polls the task every 200 ms while LastTaskResult is 267009 (0x41301, task still running) and
::     stops waiting after 5 minutes; the task is then deleted, the captured output is printed and both
::     temporary files are removed.
::   - The script in $cmd renames each value of the key, recurses into the subkeys, then renames the key
::     itself, always by appending ".OLD" (repeated for the key until the name is unused). A key is
::     renamed by copying it, copying its ACL (every section except the owner) and deleting the original.
:: Points to keep in mind when reviewing or reverting:
::   - A failed ACL copy only raises a warning, so the ".OLD" key can be left with the ACL the copy
::     received (presumably inherited from its parent) instead of the original one.
::   - The payload runs from a temporary file with -ExecutionPolicy Bypass under the TrustedInstaller
::     identity; NOTE(review): confirm that the temp directory is writable by administrators only.
::   - After a timeout the task is deleted and the files are removed without checking that it finished.
::   - Rename-KeyWithAcl declares no CmdletBinding, so the -ErrorAction Stop passed to it is presumably
::     ignored; its own throw statements are what reach the catch.
::   - Reverting means removing ".OLD" from the key, from its subkeys and from every renamed value.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.SecurityCenter.WscCloudBackupProvider'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    
Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to 
''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.SecurityCenter.WscDataProtection as TrustedInstaller
:: How this one-line command works (target: ...\ActivatableClassId\Windows.SecurityCenter.WscDataProtection):
::   - Invoke-AsTrustedInstaller saves the script text held in $cmd to a temporary .ps1 file, registers a
::     scheduled task named "privacy.sexy invoke" and starts it through the Schedule.Service COM object
::     as the account that the hard-coded service SID translates to (TrustedInstaller).
::   - It polls the task every 200 ms while LastTaskResult is 267009 (0x41301, task still running) and
::     stops waiting after 5 minutes; the task is then deleted, the captured output is printed and both
::     temporary files are removed.
::   - The script in $cmd renames each value of the key, recurses into the subkeys, then renames the key
::     itself, always by appending ".OLD" (repeated for the key until the name is unused). A key is
::     renamed by copying it, copying its ACL (every section except the owner) and deleting the original.
:: Points to keep in mind when reviewing or reverting:
::   - A failed ACL copy only raises a warning, so the ".OLD" key can be left with the ACL the copy
::     received (presumably inherited from its parent) instead of the original one.
::   - The payload runs from a temporary file with -ExecutionPolicy Bypass under the TrustedInstaller
::     identity; NOTE(review): confirm that the temp directory is writable by administrators only.
::   - After a timeout the task is deleted and the files are removed without checking that it finished.
::   - Rename-KeyWithAcl declares no CmdletBinding, so the -ErrorAction Stop passed to it is presumably
::     ignored; its own throw statements are what reach the catch.
::   - Reverting means removing ".OLD" from the key, from its subkeys and from every renamed value.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.SecurityCenter.WscDataProtection'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    
Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to 
''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.SecurityCenter.SecurityAppBroker as TrustedInstaller
:: How this one-line command works (target: ...\ActivatableClassId\Windows.SecurityCenter.SecurityAppBroker):
::   - Invoke-AsTrustedInstaller saves the script text held in $cmd to a temporary .ps1 file, registers a
::     scheduled task named "privacy.sexy invoke" and starts it through the Schedule.Service COM object
::     as the account that the hard-coded service SID translates to (TrustedInstaller).
::   - It polls the task every 200 ms while LastTaskResult is 267009 (0x41301, task still running) and
::     stops waiting after 5 minutes; the task is then deleted, the captured output is printed and both
::     temporary files are removed.
::   - The script in $cmd renames each value of the key, recurses into the subkeys, then renames the key
::     itself, always by appending ".OLD" (repeated for the key until the name is unused). A key is
::     renamed by copying it, copying its ACL (every section except the owner) and deleting the original.
:: Points to keep in mind when reviewing or reverting:
::   - A failed ACL copy only raises a warning, so the ".OLD" key can be left with the ACL the copy
::     received (presumably inherited from its parent) instead of the original one.
::   - The payload runs from a temporary file with -ExecutionPolicy Bypass under the TrustedInstaller
::     identity; NOTE(review): confirm that the temp directory is writable by administrators only.
::   - After a timeout the task is deleted and the files are removed without checking that it finished.
::   - Rename-KeyWithAcl declares no CmdletBinding, so the -ErrorAction Stop passed to it is presumably
::     ignored; its own throw statements are what reach the catch.
::   - Reverting means removing ".OLD" from the key, from its subkeys and from every renamed value.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.SecurityCenter.SecurityAppBroker'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    
Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to 
''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.SecurityAppManager as TrustedInstaller
:: How this one-line command works (target: ...\ActivatableClassId\Windows.UI.Shell.SecurityAppManager):
::   - Invoke-AsTrustedInstaller saves the script text held in $cmd to a temporary .ps1 file, registers a
::     scheduled task named "privacy.sexy invoke" and starts it through the Schedule.Service COM object
::     as the account that the hard-coded service SID translates to (TrustedInstaller).
::   - It polls the task every 200 ms while LastTaskResult is 267009 (0x41301, task still running) and
::     stops waiting after 5 minutes; the task is then deleted, the captured output is printed and both
::     temporary files are removed.
::   - The script in $cmd renames each value of the key, recurses into the subkeys, then renames the key
::     itself, always by appending ".OLD" (repeated for the key until the name is unused). A key is
::     renamed by copying it, copying its ACL (every section except the owner) and deleting the original.
:: Points to keep in mind when reviewing or reverting:
::   - A failed ACL copy only raises a warning, so the ".OLD" key can be left with the ACL the copy
::     received (presumably inherited from its parent) instead of the original one.
::   - The payload runs from a temporary file with -ExecutionPolicy Bypass under the TrustedInstaller
::     identity; NOTE(review): confirm that the temp directory is writable by administrators only.
::   - After a timeout the task is deleted and the files are removed without checking that it finished.
::   - Rename-KeyWithAcl declares no CmdletBinding, so the -ErrorAction Stop passed to it is presumably
::     ignored; its own throw statements are what reach the catch.
::   - Reverting means removing ".OLD" from the key, from its subkeys and from every renamed value.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.SecurityAppManager'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host 
"^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to 
''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Microsoft\WindowsRuntime\Server\wscsvc as TrustedInstaller
:: Runs the embedded PowerShell script as TrustedInstaller to soft-delete the registry key
:: named in $rawPath: values and keys are renamed with a ".OLD" suffix instead of being removed.
:: How it works, as written below:
::   - Invoke-AsTrustedInstaller translates the SID S-1-5-80-956008885-... to an account name,
::     writes the script to a temporary .ps1 file, registers a scheduled task named
::     "privacy.sexy invoke", starts it under that account through the Schedule.Service COM
::     object, and polls LastTaskResult while it equals 267009, for at most 5 minutes.
::   - The task output is redirected to a second temporary file and printed; the task and both
::     temporary files are removed in the finally blocks.
::   - Rename-KeyTree renames each value, recurses into subkeys, then Rename-KeyWithAcl copies
::     the key to the new name, copies the ACL without the owner section, and removes the original.
:: NOTE(review): a Copy-Acl failure is only a warning, so the ".OLD" copy can end up with
::   different permissions than the original key; check the ACL of the backup afterwards.
:: NOTE(review): on timeout the loop only warns and the task is then deleted, so confirm the
::   final state of the key rather than relying on the printed output.
:: NOTE(review): the key name suggests Windows Security Center (wscsvc) registration - TODO confirm.
::   For monitoring, the task name above and ".OLD" entries under this key are the visible
::   traces; restoring means renaming the ".OLD" key and values back.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Microsoft\WindowsRuntime\Server\wscsvc'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{d5c88c8b-eca2-4921-a2e4-b1a390bad510} as TrustedInstaller
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{d5c88c8b-eca2-4921-a2e4-b1a390bad510}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{d5c88c8b-eca2-4921-a2e4-b1a390bad510} as TrustedInstaller
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{d5c88c8b-eca2-4921-a2e4-b1a390bad510}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
:: Disable "Virus and threat protection" section in "Windows Security"
echo --- Disable "Virus and threat protection" section in "Windows Security"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection!UILockdown"
:: Writes the policy value UILockdown (REG_DWORD, data 1) under the
:: "Windows Defender Security Center\Virus and threat protection" policy key by calling
:: reg.exe from PowerShell; per the section title this hides that area of Windows Security.
:: NOTE(review): $registryPath is assigned but never used; the key path is repeated as a literal.
:: NOTE(review): this presumably hides the page only and does not itself change protection
::   settings - TODO confirm. With the page hidden, threat status and scan results are no
::   longer visible locally, so make sure they are monitored another way.
::   Deleting the UILockdown value from this key reverts the change.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection' /v 'UILockdown' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: Disable "Ransomware data recovery" section in "Windows Security"
echo --- Disable "Ransomware data recovery" section in "Windows Security"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection!HideRansomwareRecovery"
:: Writes the policy value HideRansomwareRecovery (REG_DWORD, data 1) under the
:: "Windows Defender Security Center\Virus and threat protection" policy key by calling
:: reg.exe from PowerShell; per the section title this hides the "Ransomware data recovery"
:: section of Windows Security.
:: NOTE(review): $registryPath is assigned but never used; the key path is repeated as a literal.
:: NOTE(review): with this section hidden, users no longer see the recovery guidance locally;
::   confirm a documented recovery path exists elsewhere before applying.
::   Deleting the HideRansomwareRecovery value from this key reverts the change.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection' /v 'HideRansomwareRecovery' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: --Disable "Family options" section in "Windows Security"--
:: ----------------------------------------------------------
echo --- Disable "Family options" section in "Windows Security"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Family options!UILockdown"
:: Writes the policy value UILockdown (REG_DWORD, data 1) under the
:: "Windows Defender Security Center\Family options" policy key by calling reg.exe from
:: PowerShell; per the section title this hides the "Family options" area of Windows Security.
:: NOTE(review): $registryPath is assigned but never used; the key path is repeated as a literal.
:: NOTE(review): presumably a display-only change - TODO confirm.
::   Deleting the UILockdown value from this key reverts the change.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Family options'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Family options' /v 'UILockdown' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: Disable "Device performance and health" section in "Windows Security"
echo --- Disable "Device performance and health" section in "Windows Security"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device performance and health!UILockdown"
:: Writes the policy value UILockdown (REG_DWORD, data 1) under the
:: "Windows Defender Security Center\Device performance and health" policy key by calling
:: reg.exe from PowerShell; per the section title this hides that area of Windows Security.
:: NOTE(review): $registryPath is assigned but never used; the key path is repeated as a literal.
:: NOTE(review): presumably a display-only change - TODO confirm. Health warnings shown on this
::   page are no longer visible locally once it is hidden.
::   Deleting the UILockdown value from this key reverts the change.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device performance and health'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device performance and health' /v 'UILockdown' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: Disable "Account protection" section in "Windows Security"
echo --- Disable "Account protection" section in "Windows Security"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Account protection!UILockdown"
:: Writes the policy value UILockdown (REG_DWORD, data 1) under the
:: "Windows Defender Security Center\Account protection" policy key by calling reg.exe from
:: PowerShell; per the section title this hides that area of Windows Security.
:: NOTE(review): $registryPath is assigned but never used; the key path is repeated as a literal.
:: NOTE(review): presumably a display-only change - TODO confirm. Account and sign-in warnings
::   shown on this page are no longer visible locally once it is hidden.
::   Deleting the UILockdown value from this key reverts the change.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Account protection'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Account protection' /v 'UILockdown' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: Disable "App and browser control" section in "Windows Security"
echo --- Disable "App and browser control" section in "Windows Security"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection!UILockdown"
:: Writes the policy value UILockdown (REG_DWORD, data 1) under the
:: "Windows Defender Security Center\App and Browser protection" policy key by calling reg.exe
:: from PowerShell; per the section title this hides the "App and browser control" area.
:: NOTE(review): the key name ("App and Browser protection") differs from the section title
::   ("App and browser control"); the key name is what the command writes.
:: NOTE(review): $registryPath is assigned but never used; the key path is repeated as a literal.
:: NOTE(review): presumably a display-only change - TODO confirm.
::   Deleting the UILockdown value from this key reverts the change.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection' /v 'UILockdown' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ------Disable Security and Maintenance core library-------
:: ----------------------------------------------------------
echo --- Disable Security and Maintenance core library
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\ActionCenter.dll" with additional permissions 
:: Soft-deletes System32\ActionCenter.dll by renaming it with a ".OLD" suffix.
:: How it works, as written below:
::   - Expands the path pattern and collects matching items, longest path first.
::   - Compiles a helper class (Privileges) with Add-Type and uses it to enable
::     SeRestorePrivilege and SeTakeOwnershipPrivilege for the current process.
::   - For each file: saves the current ACL, sets the owner to the account for SID S-1-5-32-544
::     and adds a FullControl allow rule for it, moves the file to the new name, then re-applies
::     the saved ACL to the moved file (or to the original if the move failed).
::   - Prints counts and clears both privileges at the end.
:: NOTE(review): $revert is never assigned in this command, so the rename-to-".OLD" branch is
::   always taken; the restore branch is unreachable here.
:: NOTE(review): AddPrivilege and RemovePrivilege overwrite retVal after each API call and the
::   callers pipe the result to Out-Null, so a failure to open the token or look up the
::   privilege goes unnoticed; the token handle is also never closed in the code shown.
:: NOTE(review): the "file not found" branch calls exit 0 inside the loop, which ends the whole
::   command and skips the summary and both RemovePrivilege calls.
:: NOTE(review): if re-applying the saved ACL fails it is only a warning, leaving the file with
::   the changed owner and the extra FullControl rule; check the ACL of the ".OLD" file afterwards.
:: NOTE(review): system file integrity checks would be expected to report the renamed library -
::   TODO confirm; restoring means renaming the ".OLD" file back.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\ActionCenter.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\SysWOW64\ActionCenter.dll" with additional permissions 
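:: Renames ActionCenter.dll in the SysWOW64 folder to NAME.OLD (a reversible "soft delete").
:: Steps performed by the PowerShell command below:
::   1. Compiles a small C# helper class (Privileges) with Add-Type and enables SeRestorePrivilege
::      and SeTakeOwnershipPrivilege on the current process token.
::   2. Resolves the pattern with Get-Item; folders and files already ending in ".OLD" are skipped.
::   3. Saves the file's ACL, sets the Administrators group (S-1-5-32-544) as owner with FullControl,
::      moves the file to NAME.OLD, then re-applies the saved ACL to the renamed file.
::   4. Prints renamed/skipped/failed counts and disables both privileges again.
:: Review notes:
::   - $revert is never assigned in this command, so only the forward (rename to .OLD) path runs.
::   - AddPrivilege/RemovePrivilege return only the AdjustTokenPrivileges result, and the caller
::     pipes it to Out-Null; failures of OpenProcessToken or LookupPrivilegeValue go unnoticed and
::     the token handle is never closed. A missing privilege only shows up later as a Set-Acl warning.
::   - RemovePrivilege sets Attr = 0, which disables the privilege on the token rather than removing it.
::   - Get-Acl, Set-Acl and Test-Path use -Path (wildcard-aware) while Move-Item uses -LiteralPath.
::   - If the saved ACL cannot be re-applied, the file stays owned by Administrators with FullControl;
::     treat a "Failed to restore access" warning as a finding and repair the ACL manually.
::   - A file that disappears between enumeration and processing is skipped with continue, so the
::     remaining items, the summary and the privilege cleanup still run.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\SysWOW64\ActionCenter.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"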
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --Disable Security and Maintenance Control Panel applet---
:: ----------------------------------------------------------
:: Section overview: the commands that follow rename registry keys for CLSID
:: {BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} (the class registration and the Control Panel namespace
:: entry, each in the native and the WOW6432Node view) to NAME.OLD, running as TrustedInstaller.
:: NOTE(review): hiding this applet presumably also hides the place where Windows shows security
:: and maintenance status to the user; confirm another monitoring channel exists before applying.
:: To revert, rename the .OLD keys and values back to their original names.
echo --- Disable Security and Maintenance Control Panel applet
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} as TrustedInstaller
:: Soft-deletes (renames with a ".OLD" suffix) the CLSID key under HKLM\SOFTWARE\Classes by running
:: a generated PowerShell script as TrustedInstaller through a temporary scheduled task.
:: How the command below works:
::   - Invoke-AsTrustedInstaller writes the payload held in $cmd to a temporary .ps1 file, registers
::     a scheduled task named "privacy.sexy invoke", and starts it with RunEx under the account that
::     SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to.
::   - The task runs powershell.exe with -ExecutionPolicy Bypass and redirects all output streams to
::     a second temporary file, which is printed with Get-Content afterwards.
::   - LastTaskResult is polled every 200 ms while it equals 267009 (0x41301, task still running),
::     for at most 5 minutes; the task and both temporary files are removed in finally blocks.
::   - The payload renames every value of the key to NAME.OLD, recurses into subkeys, then copies
::     the key to PATH.OLD, copies its ACL without the owner section, and removes the original key.
:: Review notes:
::   - The .ps1 file comes from New-TemporaryFile, i.e. the invoking user's temp folder, and is then
::     executed as TrustedInstaller; the ACL of that folder is therefore part of the trust boundary.
::     Confirm that only administrators can write there before relying on this pattern.
::   - On timeout the loop only breaks: LastTaskResult is still 267009, so the error branch fires and
::     the task and the script file are deleted while the task may still be running.
::   - Rename-KeyWithAcl is a plain function, so the -ErrorAction Stop passed to it presumably binds
::     as ordinary arguments and has no effect; failures propagate through its throw statements.
::   - If Copy-Acl fails, only a warning is written and the original key is still removed, leaving
::     the .OLD copy with whatever ACL Copy-Item produced.
::   - Detection: expect a short-lived scheduled task with this name and a powershell.exe process
::     started with -ExecutionPolicy Bypass under the TrustedInstaller account.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} as TrustedInstaller
:: Soft-deletes the WOW6432Node registration of the CLSID key as TrustedInstaller.
:: The command writes the payload held in $cmd to a temporary .ps1 file, registers the scheduled
:: task "privacy.sexy invoke", starts it with RunEx under the TrustedInstaller SID, polls
:: LastTaskResult while it equals 267009 (for at most 5 minutes), prints the captured output and
:: deletes the task and both temporary files. The payload renames values and subkeys to NAME.OLD,
:: then copies the key to PATH.OLD with its ACL (owner section excluded) and removes the original.
:: Review notes:
::   - The temporary .ps1 is created in the invoking user's temp folder yet executes as
::     TrustedInstaller with -ExecutionPolicy Bypass, so that folder's ACL is part of the trust boundary.
::   - A timeout is reported as a failure with result 267009, and cleanup may run while the task
::     is still active.
::   - A failed ACL copy only produces a warning; the original key is removed regardless.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} as TrustedInstaller
:: Soft-deletes the Control Panel NameSpace entry for the CLSID as TrustedInstaller.
:: The command writes the payload held in $cmd to a temporary .ps1 file, registers the scheduled
:: task "privacy.sexy invoke", starts it with RunEx under the TrustedInstaller SID, polls
:: LastTaskResult while it equals 267009 (for at most 5 minutes), prints the captured output and
:: deletes the task and both temporary files. The payload renames values and subkeys to NAME.OLD,
:: then copies the key to PATH.OLD with its ACL (owner section excluded) and removes the original.
:: Review notes:
::   - The temporary .ps1 is created in the invoking user's temp folder yet executes as
::     TrustedInstaller with -ExecutionPolicy Bypass, so that folder's ACL is part of the trust boundary.
::   - A timeout is reported as a failure with result 267009, and cleanup may run while the task
::     is still active.
::   - A failed ACL copy only produces a warning; the original key is removed regardless.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) 
{'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host 
"^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} as TrustedInstaller
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) 
{'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host 
"^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
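:: Soft-delete files matching pattern: "%SYSTEMROOT%\System32\ActionCenterCPL.dll" with additional permissions
:: Additional permissions: the process enables SeRestorePrivilege and SeTakeOwnershipPrivilege, sets the file owner to the Administrators group (S-1-5-32-544) and grants it FullControl, renames the file with a ".OLD" suffix, then tries to reapply the original ACL and disables both privileges at the end.
:: NOTE(review): the results of enabling the privileges are discarded, so a failure there only shows up later as a Set-Acl or Move-Item warning or error.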
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\ActionCenterCPL.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
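:: Soft-delete files matching pattern: "%SYSTEMROOT%\SysWOW64\ActionCenterCPL.dll" with additional permissions
:: Same DLL name under SysWOW64. The file is renamed to ActionCenterCPL.dll.OLD after ownership is taken for the Administrators group; the script then tries to reapply the original ACL to the renamed file.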
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\SysWOW64\ActionCenterCPL.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----Disable Security and Maintenance desktop features-----
:: ----------------------------------------------------------
echo --- Disable Security and Maintenance desktop features
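:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} as TrustedInstaller
:: How it runs as TrustedInstaller: the rename script is written to a temporary .ps1 file and started through a scheduled task named "privacy.sexy invoke" under the TrustedInstaller service SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464.
:: The task and both temporary files are removed afterwards. On monitored hosts, expect a short-lived scheduled task registration and a powershell.exe launch with -ExecutionPolicy Bypass in the logs, where such logging is enabled.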
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
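:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} as TrustedInstaller
:: WOW6432Node entry for the same CLSID as HKLM\SOFTWARE\Classes\CLSID\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}; values and keys are renamed with a ".OLD" suffix by a script run through a temporary scheduled task as TrustedInstaller.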
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} 
:: Soft-deletes the registry key named in $rawPath: items are renamed with the '.OLD' suffix instead of
:: being removed, so the original data stays on disk under the new names.
::   Rename-KeyTree    renames every value of a key, recurses into its subkeys, then renames the key itself;
::                     names that already end in '.OLD' are skipped, and the suffix is appended again while
::                     the target key name already exists.
::   Rename-KeyWithAcl performs the key rename as: copy the key, copy its ACL, delete the original. If the
::                     delete fails, the copy is removed again and the error is rethrown.
::   Copy-Acl          copies the security descriptor of each subkey and then of the key itself, using every
::                     section except Owner.
:: NOTE(review): a Copy-Acl failure is only reported as a warning and the original key is still deleted, so the
::   '.OLD' copy can end up with different permissions than the key it replaces. Compare ACLs after a run.
:: NOTE(review): Rename-KeyWithAcl is a plain function, so the '-ErrorAction Stop' passed to it is presumably
::   not handled as a common parameter. TODO confirm.
:: Result: prints the ok/skip/fail counters; throws only when every processed item failed, so a partial
::   failure is visible in the warnings above but not in the final status.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction 
Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -Disable "Device security" section in "Windows Security"--
:: ----------------------------------------------------------
echo --- Disable "Device security" section in "Windows Security"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security!UILockdown"
:: Writes the policy value UILockdown = 1 (REG_DWORD) under the "Device security" policy key; /f overwrites
:: an existing value without prompting.
:: Security note: this line writes one registry value and does not itself change Secure Boot, TPM or other
:: device protections. Presumably it only hides that page in the Windows Security app, so the state of those
:: protections has to be checked by other means afterwards.
:: NOTE(review): $registryPath is assigned but never read (reg add repeats the path literally), and the exit
:: code of reg add is not checked on this line.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security' /v 'UILockdown' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable "Clear TPM" button in "Windows Security"-----
:: ----------------------------------------------------------
echo --- Disable "Clear TPM" button in "Windows Security"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security!DisableClearTpmButton"
:: Writes the policy value DisableClearTpmButton = 1 (REG_DWORD) under the "Device security" policy key;
:: /f overwrites an existing value without prompting.
:: Security note: this is a restriction on the Windows Security app only. The line writes one registry value
:: and does nothing else to the TPM or to other TPM management tools. TODO confirm whether those need their
:: own policy if accidental clearing is the concern.
:: NOTE(review): $registryPath is assigned but never read, and the exit code of reg add is not checked here.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security' /v 'DisableClearTpmButton' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----Disable "Secure boot" button in "Windows Security"----
:: ----------------------------------------------------------
echo --- Disable "Secure boot" button in "Windows Security"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security!HideSecureBoot"
:: Writes the policy value HideSecureBoot = 1 (REG_DWORD) under the "Device security" policy key;
:: /f overwrites an existing value without prompting.
:: Security note: the line writes one registry value and does not turn Secure Boot on or off. With the
:: Secure Boot status presumably hidden from the Windows Security app, confirm the actual state by another
:: route after running this, for example the Confirm-SecureBootUEFI cmdlet.
:: NOTE(review): $registryPath is assigned but never read, and the exit code of reg add is not checked here.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security' /v 'HideSecureBoot' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable "Security processor (TPM) troubleshooter" page in "Windows Security"
echo --- Disable "Security processor (TPM) troubleshooter" page in "Windows Security"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security!HideTPMTroubleshooting"
:: Writes the policy value HideTPMTroubleshooting = 1 (REG_DWORD) under the "Device security" policy key;
:: /f overwrites an existing value without prompting.
:: Security note: the line writes one registry value and leaves the TPM itself untouched. Presumably it
:: removes the troubleshooter page from the Windows Security app, so TPM health and error details have to be
:: read from another source when diagnosing attestation or BitLocker problems. TODO confirm.
:: NOTE(review): $registryPath is assigned but never read, and the exit code of reg add is not checked here.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security' /v 'HideTPMTroubleshooting' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Disable "TPM Firmware Update" recommendation in "Windows Security"
echo --- Disable "TPM Firmware Update" recommendation in "Windows Security"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security!DisableTpmFirmwareUpdateWarning"
:: Writes the policy value DisableTpmFirmwareUpdateWarning = 1 (REG_DWORD) under the "Device security"
:: policy key; /f overwrites an existing value without prompting.
:: Security note: the line writes one registry value and changes nothing about the TPM firmware. Per the
:: section title it suppresses the firmware-update recommendation, so a TPM with a known firmware issue would
:: no longer be flagged in the Windows Security app. Track vendor firmware advisories by other means.
:: NOTE(review): $registryPath is assigned but never read, and the exit code of reg add is not checked here.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security' /v 'DisableTpmFirmwareUpdateWarning' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---Disable Security and Maintenance push notifications----
:: ----------------------------------------------------------
echo --- Disable Security and Maintenance push notifications
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance!Enabled"
:: Writes Enabled = 0 (REG_DWORD) for the Windows.SystemToast.SecurityAndMaintenance notification source in
:: the current user's hive; /f overwrites an existing value without prompting.
:: Security note: per the section title this turns off Security and Maintenance toasts, so warnings from that
:: source would no longer pop up. Make sure protection status is monitored some other way.
:: NOTE(review): the script requires elevation, so HKCU here is the hive of the elevated account. If
:: elevation used different credentials than the signed-in user, that user's setting is presumably not
:: changed. TODO confirm.
:: NOTE(review): $registryPath is assigned but never read, and the exit code of reg add is not checked here.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance'; $data =  '0'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Soft-delete the registry key: HKLM\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.SecurityAndMaintenance as TrustedInstaller
:: Runs the soft-delete script held in $cmd under the account behind SID S-1-5-80-956008885-... (the section
:: comment names it TrustedInstaller).
::   Invoke-AsTrustedInstaller: translates the SID to an account name, writes the script text to a temporary
::     .ps1 file, registers a scheduled task that runs that file with -ExecutionPolicy Bypass and redirects all
::     output streams to a second temporary file, starts the task as that account through RunEx, then polls
::     LastTaskResult every 200 ms while it equals 267009 (0x41301, task currently running) for at most
::     5 minutes. Afterwards the task is deleted, the captured output is printed and both temp files removed.
::   $cmd payload: Copy-Acl, Rename-KeyWithAcl and Rename-KeyTree rename every value, subkey and finally the
::     key in $rawPath with the '.OLD' suffix, so nothing is removed outright.
:: NOTE(review): the .ps1 file comes from New-TemporaryFile and is executed later with more privileges than
::   the process that wrote it. Anything able to change that file between the write and the task start would
::   run with those privileges, so confirm the temp directory is writable only by the elevated account.
:: NOTE(review): on timeout the loop only breaks; the task is then deleted and the temp files removed while the
::   task may still be running, and a non-zero LastTaskResult is reported with Write-Error only.
:: NOTE(review): inside the payload a Copy-Acl failure is a warning and the original key is still deleted, so
::   the '.OLD' copy can carry different permissions than the original.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.SecurityAndMaintenance'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) 
{'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host 
"^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SecurityAndMaintenance 
:: Soft-deletes the HKCU key named in $rawPath in the calling (elevated) context: values, subkeys and finally
:: the key itself are renamed with the '.OLD' suffix instead of being removed.
::   Rename-KeyTree    skips names that already end in '.OLD' and counts every outcome in the global
::                     ok/skip/fail counters.
::   Rename-KeyWithAcl copies the key, copies its ACL, then deletes the original; if the delete fails the
::                     copy is removed and the error rethrown.
::   Copy-Acl          copies all security-descriptor sections except Owner, subkeys before the key itself.
:: NOTE(review): the script requires elevation, so HKCU is the hive of the elevated account, which is
::   presumably not the signed-in user's hive when elevation used other credentials. TODO confirm.
:: NOTE(review): a Copy-Acl failure is only a warning and the original key is still deleted, so the '.OLD'
::   copy can carry different permissions than the original.
:: Result: throws only when every processed item failed; partial failures appear as warnings only.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SecurityAndMaintenance'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction 
Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --Disable Security and Maintenance taskbar notifications--
:: ----------------------------------------------------------
echo --- Disable Security and Maintenance taskbar notifications
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\AppUserModelId\Windows.ActionCenter.UrgentNotification as TrustedInstaller
:: Runs the soft-delete script held in $cmd under the account behind SID S-1-5-80-956008885-... (the section
:: comment names it TrustedInstaller), targeting the key in $rawPath.
::   Invoke-AsTrustedInstaller: writes the script text to a temporary .ps1 file, registers a scheduled task
::     that runs it with -ExecutionPolicy Bypass and captures all output streams in a second temporary file,
::     starts the task as the resolved account through RunEx, and polls LastTaskResult every 200 ms while it
::     equals 267009 (0x41301, task currently running) for at most 5 minutes. The task is deleted in a
::     finally block, the captured output printed, and both temp files removed.
::   $cmd payload: renames every value, subkey and finally the key itself with the '.OLD' suffix, using
::     copy, ACL copy (all sections except Owner) and delete for the key rename.
:: NOTE(review): the .ps1 file is created in the caller's temp location and executed afterwards with more
::   privileges than the caller. Confirm that only the elevated account can write there, since a change to the
::   file before the task starts would run with those privileges.
:: NOTE(review): the task name is fixed and any existing task with that name is deleted first, so two
::   overlapping runs of this script would presumably interfere with each other. TODO confirm.
:: NOTE(review): on timeout the loop only breaks; cleanup then happens while the task may still be running.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\AppUserModelId\Windows.ActionCenter.UrgentNotification'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\AppUserModelId\Windows.SystemToast.SecurityAndMaintenance as TrustedInstaller
:: Soft-deletes HKLM\SOFTWARE\Classes\AppUserModelId\Windows.SystemToast.SecurityAndMaintenance:
:: the payload walks the key recursively and appends the suffix .OLD to every value and key.
:: A key is renamed by copying it, copying its ACL (all sections except the owner) and then
:: deleting the original, so the data stays in place under the .OLD name.
:: How it runs: the payload text is written to a temporary .ps1 file, a scheduled task named
:: "privacy.sexy invoke" is registered to run that file with -ExecutionPolicy Bypass, and the
:: task is started through Schedule.Service RunEx under the account the SID S-1-5-80-956008885-...
:: translates to (NT SERVICE\TrustedInstaller). All output streams go to a second temp file,
:: which is printed afterwards. The wrapper polls every 200 ms, for at most 5 minutes, while
:: LastTaskResult is 267009 (0x41301, task still running); the task and both temp files are
:: removed in finally blocks.
:: NOTE(review): New-TemporaryFile creates the .ps1 in the invoking account's temp folder and
:: the file is executed under the TrustedInstaller account without being re-checked; a folder
:: writable only by administrators would narrow that window. TODO confirm the temp folder ACL.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\AppUserModelId\Windows.SystemToast.SecurityAndMaintenance'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable Security and Maintenance notification integrations
:: Prints the section banner to the console; the commands after it soft-delete registry keys
:: (suffix .OLD) under the TrustedInstaller account.
:: NOTE(review): presumably, once these integrations are disabled, warnings that Windows
:: surfaces through Security and Maintenance no longer reach the user. Confirm that the
:: state behind those warnings is monitored some other way before applying this section.
echo --- Disable Security and Maintenance notification integrations
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{A973E7B2-131B-428E-8B2B-EAE73D731E98} as TrustedInstaller
:: Soft-deletes HKLM\SOFTWARE\Classes\CLSID\{A973E7B2-131B-428E-8B2B-EAE73D731E98}: the payload
:: renames every value and key under it by appending .OLD; a key that does not exist is
:: counted as skipped and nothing is changed.
:: The payload text is written to a temporary .ps1 file and run by a one-shot scheduled task
:: ("privacy.sexy invoke", powershell.exe -ExecutionPolicy Bypass) that RunEx starts under the
:: account the hard-coded SID translates to (NT SERVICE\TrustedInstaller). The task output is
:: captured in a second temp file and printed; task and temp files are removed afterwards.
:: NOTE(review): both temp paths are interpolated into single-quoted strings inside the task
:: argument. A temp path containing an apostrophe would presumably break that quoting; verify
:: on accounts whose profile path contains one.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{A973E7B2-131B-428E-8B2B-EAE73D731E98}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{A973E7B2-131B-428E-8B2B-EAE73D731E98} as TrustedInstaller
:: Soft-deletes HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{A973E7B2-131B-428E-8B2B-EAE73D731E98},
:: the same CLSID under WOW6432Node (the registry view used by 32-bit processes): every value
:: and key under it is renamed with the suffix .OLD.
:: The payload runs from a temporary .ps1 file inside a one-shot scheduled task that is started
:: under the account the hard-coded SID translates to (NT SERVICE\TrustedInstaller); the task
:: and the temp files are removed in finally blocks.
:: NOTE(review): a key is renamed by Copy-Item, then Copy-Acl, then Remove-Item of the original.
:: If Copy-Acl fails, only a warning is written and the original is still removed, so the .OLD
:: key keeps whatever ACL the copy received rather than the original one. Check the output for
:: "Failed to copy ACL" before relying on the renamed key for a restore.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{A973E7B2-131B-428E-8B2B-EAE73D731E98}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{a3b3c46c-05d8-429b-bf66-87068b4ce563} as TrustedInstaller
:: Soft-deletes HKLM\SOFTWARE\Classes\CLSID\{a3b3c46c-05d8-429b-bf66-87068b4ce563}: every value
:: and key under it is renamed with the suffix .OLD, so the data stays in the registry.
:: The payload runs from a temporary .ps1 file inside a one-shot scheduled task started under
:: the account the hard-coded SID translates to (NT SERVICE\TrustedInstaller).
:: The wrapper waits while LastTaskResult is 267009 (0x41301, task still running), polling
:: every 200 ms for at most 5 minutes.
:: NOTE(review): on timeout the loop only breaks with the warning "Skipping: Timeout". The
:: next check then reads LastTaskResult again, so a "Failed, due to exit code" error is
:: expected right after it, and the finally block deletes the task. Whether a still-running
:: instance is stopped by that delete cannot be told from this command; verify before
:: treating a timed-out run as "nothing changed".
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{a3b3c46c-05d8-429b-bf66-87068b4ce563}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{a3b3c46c-05d8-429b-bf66-87068b4ce563} as TrustedInstaller
:: Soft-deletes HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{a3b3c46c-05d8-429b-bf66-87068b4ce563},
:: the same CLSID under WOW6432Node (the registry view used by 32-bit processes): every value
:: and key under it is renamed with the suffix .OLD.
:: The payload runs from a temporary .ps1 file inside a one-shot scheduled task started under
:: the account the hard-coded SID translates to (NT SERVICE\TrustedInstaller); its output is
:: captured in a second temp file and printed by the wrapper.
:: Result reporting: the payload counts renamed, skipped and failed items and throws only when
:: every item failed. A partial failure produces warnings and the "Total items" summary line
:: but no error, so read the Failed count in the output instead of relying on the exit state.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{a3b3c46c-05d8-429b-bf66-87068b4ce563}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\CLSID\{01afc156-f2eb-4c1c-a722-8550417d396f} as TrustedInstaller
:: Inline PowerShell that soft-deletes the key in $rawPath
:: (HKLM\SOFTWARE\Classes\CLSID\{01afc156-f2eb-4c1c-a722-8550417d396f}).
:: $cmd holds a generated script: Rename-KeyTree renames each value that does not
:: already end in '.OLD', recurses into the subkeys, then renames the key itself.
:: Data is kept under the new names, not erased.
:: Invoke-AsTrustedInstaller writes $cmd to a temporary .ps1 file, registers the
:: scheduled task 'privacy.sexy invoke', starts it through Schedule.Service RunEx as
:: the account the S-1-5-80-956008885-... SID translates to (the TrustedInstaller
:: service SID), polls LastTaskResult while it equals 267009 (0x41301, task still
:: running) for at most 5 minutes, deletes the task, prints the captured output and
:: removes both temporary files.
:: Copy-Acl copies every security-descriptor section except Owner, child keys first.
:: Rename-KeyWithAcl is copy, then ACL copy, then delete of the original. A failed ACL
:: copy is only a warning, so the '.OLD' key may carry different permissions than the
:: original. If the delete fails, the new copy is removed and an error is thrown.
:: The task registration and deletion are the externally visible trace of this step.
:: NOTE(review): the temporary script runs with -ExecutionPolicy Bypass under that
:: service identity; presumably it sits in the calling user's temp directory, so its
:: content between Out-File and RunEx is only as trustworthy as that directory - confirm.
:: NOTE(review): on timeout the loop only warns and breaks; the task is deleted and the
:: temp files removed while the script may still be running - verify this is intended.
:: NOTE(review): EndsWith($suffix) is called without a comparison option, presumably
:: case-sensitive, while registry names are not - verify '.old' names are handled.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\CLSID\{01afc156-f2eb-4c1c-a722-8550417d396f}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{01afc156-f2eb-4c1c-a722-8550417d396f} as TrustedInstaller
:: Inline PowerShell that soft-deletes the key in $rawPath
:: (HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{01afc156-f2eb-4c1c-a722-8550417d396f}).
:: $cmd holds a generated script: Rename-KeyTree renames each value that does not
:: already end in '.OLD', recurses into the subkeys, then renames the key itself.
:: Data is kept under the new names, not erased.
:: Invoke-AsTrustedInstaller writes $cmd to a temporary .ps1 file, registers the
:: scheduled task 'privacy.sexy invoke', starts it through Schedule.Service RunEx as
:: the account the S-1-5-80-956008885-... SID translates to (the TrustedInstaller
:: service SID), polls LastTaskResult while it equals 267009 (0x41301, task still
:: running) for at most 5 minutes, deletes the task, prints the captured output and
:: removes both temporary files.
:: Copy-Acl copies every security-descriptor section except Owner, child keys first.
:: Rename-KeyWithAcl is copy, then ACL copy, then delete of the original. A failed ACL
:: copy is only a warning, so the '.OLD' key may carry different permissions than the
:: original. If the delete fails, the new copy is removed and an error is thrown.
:: The task registration and deletion are the externally visible trace of this step.
:: NOTE(review): the temporary script runs with -ExecutionPolicy Bypass under that
:: service identity; presumably it sits in the calling user's temp directory, so its
:: content between Out-File and RunEx is only as trustworthy as that directory - confirm.
:: NOTE(review): on timeout the loop only warns and breaks; the task is deleted and the
:: temp files removed while the script may still be running - verify this is intended.
:: NOTE(review): EndsWith($suffix) is called without a comparison option, presumably
:: case-sensitive, while registry names are not - verify '.old' names are handled.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{01afc156-f2eb-4c1c-a722-8550417d396f}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{01afc156-f2eb-4c1c-a722-8550417d396f} as TrustedInstaller
:: Inline PowerShell that soft-deletes the key in $rawPath
:: (HKLM\SOFTWARE\Classes\Interface\{01afc156-f2eb-4c1c-a722-8550417d396f}).
:: $cmd holds a generated script: Rename-KeyTree renames each value that does not
:: already end in '.OLD', recurses into the subkeys, then renames the key itself.
:: Data is kept under the new names, not erased.
:: Invoke-AsTrustedInstaller writes $cmd to a temporary .ps1 file, registers the
:: scheduled task 'privacy.sexy invoke', starts it through Schedule.Service RunEx as
:: the account the S-1-5-80-956008885-... SID translates to (the TrustedInstaller
:: service SID), polls LastTaskResult while it equals 267009 (0x41301, task still
:: running) for at most 5 minutes, deletes the task, prints the captured output and
:: removes both temporary files.
:: Copy-Acl copies every security-descriptor section except Owner, child keys first.
:: Rename-KeyWithAcl is copy, then ACL copy, then delete of the original. A failed ACL
:: copy is only a warning, so the '.OLD' key may carry different permissions than the
:: original. If the delete fails, the new copy is removed and an error is thrown.
:: The task registration and deletion are the externally visible trace of this step.
:: NOTE(review): the temporary script runs with -ExecutionPolicy Bypass under that
:: service identity; presumably it sits in the calling user's temp directory, so its
:: content between Out-File and RunEx is only as trustworthy as that directory - confirm.
:: NOTE(review): on timeout the loop only warns and breaks; the task is deleted and the
:: temp files removed while the script may still be running - verify this is intended.
:: NOTE(review): EndsWith($suffix) is called without a comparison option, presumably
:: case-sensitive, while registry names are not - verify '.old' names are handled.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{01afc156-f2eb-4c1c-a722-8550417d396f}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{01afc156-f2eb-4c1c-a722-8550417d396f} as TrustedInstaller
:: Inline PowerShell that soft-deletes the key in $rawPath
:: (HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{01afc156-f2eb-4c1c-a722-8550417d396f}).
:: $cmd holds a generated script: Rename-KeyTree renames each value that does not
:: already end in '.OLD', recurses into the subkeys, then renames the key itself.
:: Data is kept under the new names, not erased.
:: Invoke-AsTrustedInstaller writes $cmd to a temporary .ps1 file, registers the
:: scheduled task 'privacy.sexy invoke', starts it through Schedule.Service RunEx as
:: the account the S-1-5-80-956008885-... SID translates to (the TrustedInstaller
:: service SID), polls LastTaskResult while it equals 267009 (0x41301, task still
:: running) for at most 5 minutes, deletes the task, prints the captured output and
:: removes both temporary files.
:: Copy-Acl copies every security-descriptor section except Owner, child keys first.
:: Rename-KeyWithAcl is copy, then ACL copy, then delete of the original. A failed ACL
:: copy is only a warning, so the '.OLD' key may carry different permissions than the
:: original. If the delete fails, the new copy is removed and an error is thrown.
:: The task registration and deletion are the externally visible trace of this step.
:: NOTE(review): the temporary script runs with -ExecutionPolicy Bypass under that
:: service identity; presumably it sits in the calling user's temp directory, so its
:: content between Out-File and RunEx is only as trustworthy as that directory - confirm.
:: NOTE(review): on timeout the loop only warns and breaks; the task is deleted and the
:: temp files removed while the script may still be running - verify this is intended.
:: NOTE(review): EndsWith($suffix) is called without a comparison option, presumably
:: case-sensitive, while registry names are not - verify '.old' names are handled.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{01afc156-f2eb-4c1c-a722-8550417d396f}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{824f0d64-069c-4383-9107-f18fc40c3ca6} as TrustedInstaller
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{824f0d64-069c-4383-9107-f18fc40c3ca6}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
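:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{824f0d64-069c-4383-9107-f18fc40c3ca6} as TrustedInstaller
:: This is the WOW6432Node (32-bit registry view) path for the interface GUID. "Soft-delete" means each value and key is renamed with a ".OLD" suffix rather than erased.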
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{824f0d64-069c-4383-9107-f18fc40c3ca6}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
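:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{418ee892-56f0-4c3b-9238-696ba0cef799} as TrustedInstaller
:: "Soft-delete" means each value and key is renamed with a ".OLD" suffix rather than erased.
:: The TrustedInstaller task is polled for up to 5 minutes while its last result is 267009 (task still running); on timeout the script warns "Skipping: Timeout", may report that still-running status as a failure, and deletes the task.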
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{418ee892-56f0-4c3b-9238-696ba0cef799}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
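:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{418ee892-56f0-4c3b-9238-696ba0cef799} as TrustedInstaller
:: This is the WOW6432Node (32-bit registry view) path for the interface GUID. "Soft-delete" means each value and key is renamed with a ".OLD" suffix rather than erased.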
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{418ee892-56f0-4c3b-9238-696ba0cef799}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
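:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{7cbc33db-7a53-45c3-a0cc-610292bd7b9e} as TrustedInstaller
:: "Soft-delete" means each value and key is renamed with a ".OLD" suffix rather than erased.
:: For monitoring: each run registers and then deletes a scheduled task named "privacy.sexy invoke" and starts powershell.exe with -ExecutionPolicy Bypass as TrustedInstaller. With the relevant auditing enabled this shows up as scheduled-task creation/deletion events (Security 4698/4699) and in process-creation logs.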
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{7cbc33db-7a53-45c3-a0cc-610292bd7b9e}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{7cbc33db-7a53-45c3-a0cc-610292bd7b9e} as TrustedInstaller
:: Target: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{7cbc33db-7a53-45c3-a0cc-610292bd7b9e}
:: What the generated command below does (the code itself is unchanged):
::  - Invoke-AsTrustedInstaller saves the payload held in $cmd to a temporary .ps1 file, registers
::    a scheduled task named "privacy.sexy invoke" and starts it through the Schedule.Service COM
::    object as the account behind SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
::    (NT SERVICE\TrustedInstaller). It polls every 200 ms, for at most 5 minutes, while
::    LastTaskResult is 267009 (0x41301, task still running), prints the captured output, and
::    deletes the task and both temporary files in finally blocks.
::  - The payload renames every value and subkey under the key with a ".OLD" suffix, then the key
::    itself: Copy-Item to the new name, Copy-Acl (all sections except Owner), Remove-Item on the
::    original. Names already ending in ".OLD" are skipped; the data survives under the new name.
:: NOTE(review): the staged .ps1 comes from New-TemporaryFile and is later run as TrustedInstaller
::   with -ExecutionPolicy Bypass; nothing here tightens its ACL or checks its content before the
::   task starts, so the temp directory's permissions are part of the trust boundary - confirm.
:: NOTE(review): a Copy-Acl failure is only a warning and the original key is still removed, so
::   the .OLD copy may end up with a different ACL than the original - verify after running.
:: NOTE(review): Rename-KeyWithAcl is declared without CmdletBinding, so the -ErrorAction Stop
::   passed to it presumably has no effect; failures reach the caller through its throw statements.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{7cbc33db-7a53-45c3-a0cc-610292bd7b9e}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{FAE9CE59-7621-4208-8BC3-2ACECD58FED2} as TrustedInstaller
:: Target: HKLM\SOFTWARE\Classes\Interface\{FAE9CE59-7621-4208-8BC3-2ACECD58FED2}
:: What the generated command below does (the code itself is unchanged):
::  - Invoke-AsTrustedInstaller saves the payload held in $cmd to a temporary .ps1 file, registers
::    a scheduled task named "privacy.sexy invoke" and starts it through the Schedule.Service COM
::    object as the account behind SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
::    (NT SERVICE\TrustedInstaller). It polls every 200 ms, for at most 5 minutes, while
::    LastTaskResult is 267009 (0x41301, task still running), prints the captured output, and
::    deletes the task and both temporary files in finally blocks.
::  - The payload renames every value and subkey under the key with a ".OLD" suffix, then the key
::    itself: Copy-Item to the new name, Copy-Acl (all sections except Owner), Remove-Item on the
::    original. Names already ending in ".OLD" are skipped; the data survives under the new name.
:: NOTE(review): if the 5-minute timeout is hit the loop only breaks; the following check then
::   reports the still-running code 267009 as a failure and the finally block deletes the task.
:: NOTE(review): the staged .ps1 is executed as TrustedInstaller from a temp file whose ACL is
::   not tightened here - confirm the temp directory cannot be written by less-privileged code.
:: NOTE(review): a Copy-Acl failure is only a warning and the original key is still removed, so
::   the .OLD copy may end up with a different ACL than the original - verify after running.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{FAE9CE59-7621-4208-8BC3-2ACECD58FED2}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{FAE9CE59-7621-4208-8BC3-2ACECD58FED2} as TrustedInstaller
:: Target: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{FAE9CE59-7621-4208-8BC3-2ACECD58FED2}
:: What the generated command below does (the code itself is unchanged):
::  - Invoke-AsTrustedInstaller saves the payload held in $cmd to a temporary .ps1 file, registers
::    a scheduled task named "privacy.sexy invoke" and starts it through the Schedule.Service COM
::    object as the account behind SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
::    (NT SERVICE\TrustedInstaller). It polls every 200 ms, for at most 5 minutes, while
::    LastTaskResult is 267009 (0x41301, task still running), prints the captured output, and
::    deletes the task and both temporary files in finally blocks.
::  - The payload renames every value and subkey under the key with a ".OLD" suffix, then the key
::    itself: Copy-Item to the new name, Copy-Acl (all sections except Owner), Remove-Item on the
::    original. If a backup name is already taken, ".OLD" is appended again until it is free.
:: The summary at the end throws only when every processed item failed; a partial failure is
:: reported through Write-Warning lines and the "Failed:" count, not through an error.
:: NOTE(review): the staged .ps1 is executed as TrustedInstaller from a temp file whose ACL is
::   not tightened here - confirm the temp directory cannot be written by less-privileged code.
:: NOTE(review): a Copy-Acl failure is only a warning and the original key is still removed, so
::   the .OLD copy may end up with a different ACL than the original - verify after running.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{FAE9CE59-7621-4208-8BC3-2ACECD58FED2}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{3d2eafc0-96d0-4925-9f7d-ff80b168f243} as TrustedInstaller
:: Target: HKLM\SOFTWARE\Classes\Interface\{3d2eafc0-96d0-4925-9f7d-ff80b168f243}
:: What the generated command below does (the code itself is unchanged):
::  - Invoke-AsTrustedInstaller saves the payload held in $cmd to a temporary .ps1 file, registers
::    a scheduled task named "privacy.sexy invoke" and starts it through the Schedule.Service COM
::    object as the account behind SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
::    (NT SERVICE\TrustedInstaller). It polls every 200 ms, for at most 5 minutes, while
::    LastTaskResult is 267009 (0x41301, task still running), prints the captured output, and
::    deletes the task and both temporary files in finally blocks.
::  - The payload turns the reg-style path into a PowerShell drive path by inserting ":" after the
::    hive name, then renames every value and subkey under the key with a ".OLD" suffix and
::    finally the key itself (Copy-Item, Copy-Acl without the Owner section, Remove-Item).
:: NOTE(review): the task name is fixed and any existing task with that name is deleted first,
::   so two of these commands running at the same time would presumably interfere - run serially.
:: NOTE(review): the staged .ps1 is executed as TrustedInstaller from a temp file whose ACL is
::   not tightened here - confirm the temp directory cannot be written by less-privileged code.
:: NOTE(review): a Copy-Acl failure is only a warning and the original key is still removed, so
::   the .OLD copy may end up with a different ACL than the original - verify after running.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{3d2eafc0-96d0-4925-9f7d-ff80b168f243}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{3d2eafc0-96d0-4925-9f7d-ff80b168f243} as TrustedInstaller
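:: How this command works (a single PowerShell invocation):
::   1. Invoke-AsTrustedInstaller writes the inner script to a temporary .ps1 file, registers a
::      scheduled task named "privacy.sexy invoke" that runs it with -ExecutionPolicy Bypass, and
::      starts that task under the account resolved from the hard-coded service SID.
::   2. It polls every 200 ms while LastTaskResult is 267009 (0x41301, task still running) and
::      stops waiting with a warning after 5 minutes; the finally blocks then delete the task and
::      both temporary files.
::   3. The inner script appends ".OLD" to every value and subkey under $rawPath and then to the
::      key itself (copy, copy the ACL without its owner section, remove the original).
:: To revert, strip the ".OLD" suffix from the key, its subkeys and its values.
:: NOTE(review): the temporary .ps1 is executed by the elevated principal, so the TEMP directory
:: of the calling administrator must not be writable by less-privileged users.
:: NOTE(review): a failed ACL copy is only a warning, so the ".OLD" key may end up with
:: permissions that differ from the original; check it after the run.
:: Keep the command on one physical line: cmd.exe ends a command at the first line break.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{3d2eafc0-96d0-4925-9f7d-ff80b168f243}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"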
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{b387c51b-7fe4-4252-8cd4-585592b4dc7e} as TrustedInstaller
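:: How this command works (a single PowerShell invocation):
::   1. Invoke-AsTrustedInstaller writes the inner script to a temporary .ps1 file, registers a
::      scheduled task named "privacy.sexy invoke" that runs it with -ExecutionPolicy Bypass, and
::      starts that task under the account resolved from the hard-coded service SID.
::   2. It polls every 200 ms while LastTaskResult is 267009 (0x41301, task still running) and
::      stops waiting with a warning after 5 minutes; the finally blocks then delete the task and
::      both temporary files.
::   3. The inner script appends ".OLD" to every value and subkey under $rawPath and then to the
::      key itself (copy, copy the ACL without its owner section, remove the original).
:: To revert, strip the ".OLD" suffix from the key, its subkeys and its values.
:: NOTE(review): the temporary .ps1 is executed by the elevated principal, so the TEMP directory
:: of the calling administrator must not be writable by less-privileged users.
:: NOTE(review): a failed ACL copy is only a warning, so the ".OLD" key may end up with
:: permissions that differ from the original; check it after the run.
:: Keep the command on one physical line: cmd.exe ends a command at the first line break.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{b387c51b-7fe4-4252-8cd4-585592b4dc7e}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"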
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{b387c51b-7fe4-4252-8cd4-585592b4dc7e} as TrustedInstaller
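:: How this command works (a single PowerShell invocation):
::   1. Invoke-AsTrustedInstaller writes the inner script to a temporary .ps1 file, registers a
::      scheduled task named "privacy.sexy invoke" that runs it with -ExecutionPolicy Bypass, and
::      starts that task under the account resolved from the hard-coded service SID.
::   2. It polls every 200 ms while LastTaskResult is 267009 (0x41301, task still running) and
::      stops waiting with a warning after 5 minutes; the finally blocks then delete the task and
::      both temporary files.
::   3. The inner script appends ".OLD" to every value and subkey under $rawPath and then to the
::      key itself (copy, copy the ACL without its owner section, remove the original).
:: To revert, strip the ".OLD" suffix from the key, its subkeys and its values.
:: NOTE(review): the temporary .ps1 is executed by the elevated principal, so the TEMP directory
:: of the calling administrator must not be writable by less-privileged users.
:: NOTE(review): a failed ACL copy is only a warning, so the ".OLD" key may end up with
:: permissions that differ from the original; check it after the run.
:: Keep the command on one physical line: cmd.exe ends a command at the first line break.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{b387c51b-7fe4-4252-8cd4-585592b4dc7e}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"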
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{e90aad8b-7f0c-480d-b33e-16779c4cf59d} as TrustedInstaller
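:: How this command works (a single PowerShell invocation):
::   1. Invoke-AsTrustedInstaller writes the inner script to a temporary .ps1 file, registers a
::      scheduled task named "privacy.sexy invoke" that runs it with -ExecutionPolicy Bypass, and
::      starts that task under the account resolved from the hard-coded service SID.
::   2. It polls every 200 ms while LastTaskResult is 267009 (0x41301, task still running) and
::      stops waiting with a warning after 5 minutes; the finally blocks then delete the task and
::      both temporary files.
::   3. The inner script appends ".OLD" to every value and subkey under $rawPath and then to the
::      key itself (copy, copy the ACL without its owner section, remove the original).
:: To revert, strip the ".OLD" suffix from the key, its subkeys and its values.
:: NOTE(review): the temporary .ps1 is executed by the elevated principal, so the TEMP directory
:: of the calling administrator must not be writable by less-privileged users.
:: NOTE(review): a failed ACL copy is only a warning, so the ".OLD" key may end up with
:: permissions that differ from the original; check it after the run.
:: Keep the command on one physical line: cmd.exe ends a command at the first line break.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{e90aad8b-7f0c-480d-b33e-16779c4cf59d}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"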
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{e90aad8b-7f0c-480d-b33e-16779c4cf59d} as TrustedInstaller
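:: How this command works (a single PowerShell invocation):
::   1. Invoke-AsTrustedInstaller writes the inner script to a temporary .ps1 file, registers a
::      scheduled task named "privacy.sexy invoke" that runs it with -ExecutionPolicy Bypass, and
::      starts that task under the account resolved from the hard-coded service SID.
::   2. It polls every 200 ms while LastTaskResult is 267009 (0x41301, task still running) and
::      stops waiting with a warning after 5 minutes; the finally blocks then delete the task and
::      both temporary files.
::   3. The inner script appends ".OLD" to every value and subkey under $rawPath and then to the
::      key itself (copy, copy the ACL without its owner section, remove the original).
:: To revert, strip the ".OLD" suffix from the key, its subkeys and its values.
:: NOTE(review): the temporary .ps1 is executed by the elevated principal, so the TEMP directory
:: of the calling administrator must not be writable by less-privileged users.
:: NOTE(review): a failed ACL copy is only a warning, so the ".OLD" key may end up with
:: permissions that differ from the original; check it after the run.
:: Keep the command on one physical line: cmd.exe ends a command at the first line break.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{e90aad8b-7f0c-480d-b33e-16779c4cf59d}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"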
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{8025d477-47d3-449c-9350-c676140ee829} as TrustedInstaller
:: What the PowerShell line below does:
::  - Invoke-AsTrustedInstaller writes the payload held in $cmd to a temporary .ps1 file, registers
::    a scheduled task named "privacy.sexy invoke" and starts it through Schedule.Service RunEx
::    under the account that SID S-1-5-80-956008885-... resolves to (TrustedInstaller service SID).
::  - It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, task still running)
::    and stops waiting after 5 minutes; it then deletes the task, prints the captured output and
::    removes both temp files.
::  - The payload renames every value of the key and of its subkeys (recursively) by appending
::    ".OLD", then renames each key: copy to the first free KEY.OLD name, copy the ACL without the
::    Owner section, remove the original. The data is kept under the suffixed names, not erased.
:: NOTE(review): a failed ACL copy only raises a warning, so the ".OLD" key may keep the permissions
::    it received at creation instead of those of the original key - check after running.
:: NOTE(review): the payload is staged with New-TemporaryFile and run with -ExecutionPolicy Bypass
::    as TrustedInstaller. If that temp directory is writable by less-privileged processes, the file
::    could be altered between the write and the task start; an admin-only staging directory would
::    close that window.
:: NOTE(review): on timeout the task is unregistered by the finally block; whether an instance that
::    is still running gets stopped is not visible here.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{8025d477-47d3-449c-9350-c676140ee829}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{8025d477-47d3-449c-9350-c676140ee829} as TrustedInstaller
:: What the PowerShell line below does (target is under WOW6432Node, the 32-bit registry view):
::  - Invoke-AsTrustedInstaller writes the payload held in $cmd to a temporary .ps1 file, registers
::    a scheduled task named "privacy.sexy invoke" and starts it through Schedule.Service RunEx
::    under the account that SID S-1-5-80-956008885-... resolves to (TrustedInstaller service SID).
::  - It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, task still running)
::    and stops waiting after 5 minutes; it then deletes the task, prints the captured output and
::    removes both temp files.
::  - The payload renames every value of the key and of its subkeys (recursively) by appending
::    ".OLD", then renames each key: copy to the first free KEY.OLD name, copy the ACL without the
::    Owner section, remove the original. The data is kept under the suffixed names, not erased.
:: NOTE(review): a failed ACL copy only raises a warning, so the ".OLD" key may keep the permissions
::    it received at creation instead of those of the original key - check after running.
:: NOTE(review): the payload is staged with New-TemporaryFile and run with -ExecutionPolicy Bypass
::    as TrustedInstaller. If that temp directory is writable by less-privileged processes, the file
::    could be altered between the write and the task start; an admin-only staging directory would
::    close that window.
:: NOTE(review): on timeout the task is unregistered by the finally block; whether an instance that
::    is still running gets stopped is not visible here.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{8025d477-47d3-449c-9350-c676140ee829}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{db62c52c-dbae-476c-aeac-fa9966e85326} as TrustedInstaller
:: What the PowerShell line below does:
::  - Invoke-AsTrustedInstaller writes the payload held in $cmd to a temporary .ps1 file, registers
::    a scheduled task named "privacy.sexy invoke" and starts it through Schedule.Service RunEx
::    under the account that SID S-1-5-80-956008885-... resolves to (TrustedInstaller service SID).
::  - It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, task still running)
::    and stops waiting after 5 minutes; it then deletes the task, prints the captured output and
::    removes both temp files.
::  - The payload renames every value of the key and of its subkeys (recursively) by appending
::    ".OLD", then renames each key: copy to the first free KEY.OLD name, copy the ACL without the
::    Owner section, remove the original. The data is kept under the suffixed names, not erased.
:: NOTE(review): a failed ACL copy only raises a warning, so the ".OLD" key may keep the permissions
::    it received at creation instead of those of the original key - check after running.
:: NOTE(review): the payload is staged with New-TemporaryFile and run with -ExecutionPolicy Bypass
::    as TrustedInstaller. If that temp directory is writable by less-privileged processes, the file
::    could be altered between the write and the task start; an admin-only staging directory would
::    close that window.
:: NOTE(review): on timeout the task is unregistered by the finally block; whether an instance that
::    is still running gets stopped is not visible here.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{db62c52c-dbae-476c-aeac-fa9966e85326}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{db62c52c-dbae-476c-aeac-fa9966e85326} as TrustedInstaller
:: What the PowerShell line below does (target is under WOW6432Node, the 32-bit registry view):
::  - Invoke-AsTrustedInstaller writes the payload held in $cmd to a temporary .ps1 file, registers
::    a scheduled task named "privacy.sexy invoke" and starts it through Schedule.Service RunEx
::    under the account that SID S-1-5-80-956008885-... resolves to (TrustedInstaller service SID).
::  - It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, task still running)
::    and stops waiting after 5 minutes; it then deletes the task, prints the captured output and
::    removes both temp files.
::  - The payload renames every value of the key and of its subkeys (recursively) by appending
::    ".OLD", then renames each key: copy to the first free KEY.OLD name, copy the ACL without the
::    Owner section, remove the original. The data is kept under the suffixed names, not erased.
:: NOTE(review): a failed ACL copy only raises a warning, so the ".OLD" key may keep the permissions
::    it received at creation instead of those of the original key - check after running.
:: NOTE(review): the payload is staged with New-TemporaryFile and run with -ExecutionPolicy Bypass
::    as TrustedInstaller. If that temp directory is writable by less-privileged processes, the file
::    could be altered between the write and the task start; an admin-only staging directory would
::    close that window.
:: NOTE(review): on timeout the task is unregistered by the finally block; whether an instance that
::    is still running gets stopped is not visible here.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{db62c52c-dbae-476c-aeac-fa9966e85326}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{1cf5e433-3cf8-498e-8b5a-f47e23200e07} as TrustedInstaller
:: Review notes for the command below; the command itself is unchanged.
:: Target: HKLM\SOFTWARE\Classes\Interface\{1cf5e433-3cf8-498e-8b5a-f47e23200e07}
:: Payload: renames each value under the key to NAME.OLD, recurses into subkeys, then copies the key
:: to PATH.OLD (adding .OLD again while that path exists), copies the ACL without the owner section
:: and removes the original. Nothing is erased: the data stays in the registry under the .OLD names.
:: Launcher: Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a
:: scheduled task named privacy.sexy invoke, starts it with RunEx under the account that the SID
:: resolves to, and polls LastTaskResult every 200 ms while it equals 267009 (task still running),
:: for at most 5 minutes.
:: NOTE(review): the payload file is written by the calling user and then run with
:: -ExecutionPolicy Bypass under the higher-privileged account, so whoever can write to that
:: temporary path before the task starts controls what runs. Confirm the temp directory is private.
:: NOTE(review): after a timeout the finally blocks still delete the task and both temporary files
:: while the payload may be running, so output can be lost and the key may be left half renamed.
:: NOTE(review): a failed ACL copy only raises a warning, so the .OLD key can end up with permissions
:: that differ from the original key. Check the ACL of the .OLD key afterwards.
:: NOTE(review): the task name is fixed and any task with that name is deleted first, so two runs
:: at the same time would interfere with each other.
:: The command is one line in the script; the line breaks inside it appear to come from the paste.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{1cf5e433-3cf8-498e-8b5a-f47e23200e07}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{1cf5e433-3cf8-498e-8b5a-f47e23200e07} as TrustedInstaller
:: Review notes for the command below; the command itself is unchanged.
:: Target: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{1cf5e433-3cf8-498e-8b5a-f47e23200e07}
:: Payload: renames each value under the key to NAME.OLD, recurses into subkeys, then copies the key
:: to PATH.OLD (adding .OLD again while that path exists), copies the ACL without the owner section
:: and removes the original. Nothing is erased: the data stays in the registry under the .OLD names.
:: Launcher: Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a
:: scheduled task named privacy.sexy invoke, starts it with RunEx under the account that the SID
:: resolves to, and polls LastTaskResult every 200 ms while it equals 267009 (task still running),
:: for at most 5 minutes.
:: NOTE(review): the payload file is written by the calling user and then run with
:: -ExecutionPolicy Bypass under the higher-privileged account, so whoever can write to that
:: temporary path before the task starts controls what runs. Confirm the temp directory is private.
:: NOTE(review): after a timeout the finally blocks still delete the task and both temporary files
:: while the payload may be running, so output can be lost and the key may be left half renamed.
:: NOTE(review): a failed ACL copy only raises a warning, so the .OLD key can end up with permissions
:: that differ from the original key. Check the ACL of the .OLD key afterwards.
:: NOTE(review): the task name is fixed and any task with that name is deleted first, so two runs
:: at the same time would interfere with each other.
:: The command is one line in the script; the line breaks inside it appear to come from the paste.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{1cf5e433-3cf8-498e-8b5a-f47e23200e07}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{58d879fe-5b40-46aa-ab68-d146ff6a68a0} as TrustedInstaller
:: Review notes for the command below; the command itself is unchanged.
:: Target: HKLM\SOFTWARE\Classes\Interface\{58d879fe-5b40-46aa-ab68-d146ff6a68a0}
:: Payload: renames each value under the key to NAME.OLD, recurses into subkeys, then copies the key
:: to PATH.OLD (adding .OLD again while that path exists), copies the ACL without the owner section
:: and removes the original. Nothing is erased: the data stays in the registry under the .OLD names.
:: Launcher: Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a
:: scheduled task named privacy.sexy invoke, starts it with RunEx under the account that the SID
:: resolves to, and polls LastTaskResult every 200 ms while it equals 267009 (task still running),
:: for at most 5 minutes.
:: NOTE(review): the payload file is written by the calling user and then run with
:: -ExecutionPolicy Bypass under the higher-privileged account, so whoever can write to that
:: temporary path before the task starts controls what runs. Confirm the temp directory is private.
:: NOTE(review): after a timeout the finally blocks still delete the task and both temporary files
:: while the payload may be running, so output can be lost and the key may be left half renamed.
:: NOTE(review): a failed ACL copy only raises a warning, so the .OLD key can end up with permissions
:: that differ from the original key. Check the ACL of the .OLD key afterwards.
:: NOTE(review): the task name is fixed and any task with that name is deleted first, so two runs
:: at the same time would interfere with each other.
:: The command is one line in the script; the line breaks inside it appear to come from the paste.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{58d879fe-5b40-46aa-ab68-d146ff6a68a0}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{58d879fe-5b40-46aa-ab68-d146ff6a68a0} as TrustedInstaller
:: Review notes for the command below; the command itself is unchanged.
:: Target: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{58d879fe-5b40-46aa-ab68-d146ff6a68a0}
:: Payload: renames each value under the key to NAME.OLD, recurses into subkeys, then copies the key
:: to PATH.OLD (adding .OLD again while that path exists), copies the ACL without the owner section
:: and removes the original. Nothing is erased: the data stays in the registry under the .OLD names.
:: Launcher: Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a
:: scheduled task named privacy.sexy invoke, starts it with RunEx under the account that the SID
:: resolves to, and polls LastTaskResult every 200 ms while it equals 267009 (task still running),
:: for at most 5 minutes.
:: NOTE(review): the payload file is written by the calling user and then run with
:: -ExecutionPolicy Bypass under the higher-privileged account, so whoever can write to that
:: temporary path before the task starts controls what runs. Confirm the temp directory is private.
:: NOTE(review): after a timeout the finally blocks still delete the task and both temporary files
:: while the payload may be running, so output can be lost and the key may be left half renamed.
:: NOTE(review): a failed ACL copy only raises a warning, so the .OLD key can end up with permissions
:: that differ from the original key. Check the ACL of the .OLD key afterwards.
:: NOTE(review): the task name is fixed and any task with that name is deleted first, so two runs
:: at the same time would interfere with each other.
:: The command is one line in the script; the line breaks inside it appear to come from the paste.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{58d879fe-5b40-46aa-ab68-d146ff6a68a0}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{0acabbb8-8f37-4605-9d41-eec1c33eeb95} as TrustedInstaller
:: Review notes for the command below; the command itself is unchanged.
:: Target: HKLM\SOFTWARE\Classes\Interface\{0acabbb8-8f37-4605-9d41-eec1c33eeb95}
:: Payload: renames each value under the key to NAME.OLD, recurses into subkeys, then copies the key
:: to PATH.OLD (adding .OLD again while that path exists), copies the ACL without the owner section
:: and removes the original. Nothing is erased: the data stays in the registry under the .OLD names.
:: Launcher: Invoke-AsTrustedInstaller writes the payload to a temporary .ps1 file, registers a
:: scheduled task named privacy.sexy invoke, starts it with RunEx under the account that the SID
:: resolves to, and polls LastTaskResult every 200 ms while it equals 267009 (task still running),
:: for at most 5 minutes.
:: NOTE(review): the payload file is written by the calling user and then run with
:: -ExecutionPolicy Bypass under the higher-privileged account, so whoever can write to that
:: temporary path before the task starts controls what runs. Confirm the temp directory is private.
:: NOTE(review): after a timeout the finally blocks still delete the task and both temporary files
:: while the payload may be running, so output can be lost and the key may be left half renamed.
:: NOTE(review): a failed ACL copy only raises a warning, so the .OLD key can end up with permissions
:: that differ from the original key. Check the ACL of the .OLD key afterwards.
:: NOTE(review): the task name is fixed and any task with that name is deleted first, so two runs
:: at the same time would interfere with each other.
:: The command is one line in the script; the line breaks inside it appear to come from the paste.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{0acabbb8-8f37-4605-9d41-eec1c33eeb95}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{0acabbb8-8f37-4605-9d41-eec1c33eeb95} as TrustedInstaller
:: Structure of the command below (a single -Command string; "^"" is a batch-escaped double quote):
::  - Invoke-AsTrustedInstaller saves $cmd to a temp file renamed to *.ps1, deletes any leftover task named
::    "privacy.sexy invoke", registers it again and starts it through Schedule.Service RunEx as the account
::    that SID S-1-5-80-956008885-... resolves to. It polls LastTaskResult every 200 ms while the value is
::    267009 (0x41301, task still running), gives up after 5 minutes, prints the captured output file, and
::    removes the task and both temp files in its finally blocks.
::  - $cmd is the payload: Rename-KeyTree appends '.OLD' to each value name, recurses into the subkeys, then
::    renames the key itself via Rename-KeyWithAcl (Copy-Item, Copy-Acl, Remove-Item; the copy is removed
::    again if the original cannot be deleted). It throws only when every counted item failed.
:: NOTE(review): the payload .ps1 comes from New-TemporaryFile (presumably the caller's temp directory) and is
::  later run with -ExecutionPolicy Bypass under the more privileged account; nothing checks it is unchanged
::  between the write and the task start, so that directory must not be writable by less-trusted code.
:: NOTE(review): a Copy-Acl failure is only a warning and the Owner section is never copied, so a '.OLD' key
::  can end up with a different security descriptor than the key it replaces.
:: NOTE(review): after a timeout the loop just breaks; the next check reports LastTaskResult through
::  Write-Error if it is still non-zero, and the finally block deletes the task.
:: NOTE(review): Rename-KeyWithAcl declares only $Old and $New, so the -ErrorAction Stop passed to it is
::  presumably not honoured as a common parameter; the try/catch relies on the function's own throw.
:: Detection: task registration and deletion under this fixed name are visible in Task Scheduler logging
::  (Security events 4698/4699 when that auditing is enabled).
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{0acabbb8-8f37-4605-9d41-eec1c33eeb95}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{0cc6fe25-a88b-480d-956a-a9a20bd2c65a} as TrustedInstaller
:: Structure of the command below (a single -Command string; "^"" is a batch-escaped double quote):
::  - Invoke-AsTrustedInstaller saves $cmd to a temp file renamed to *.ps1, deletes any leftover task named
::    "privacy.sexy invoke", registers it again and starts it through Schedule.Service RunEx as the account
::    that SID S-1-5-80-956008885-... resolves to. It polls LastTaskResult every 200 ms while the value is
::    267009 (0x41301, task still running), gives up after 5 minutes, prints the captured output file, and
::    removes the task and both temp files in its finally blocks.
::  - $cmd is the payload: Rename-KeyTree appends '.OLD' to each value name, recurses into the subkeys, then
::    renames the key itself via Rename-KeyWithAcl (Copy-Item, Copy-Acl, Remove-Item; the copy is removed
::    again if the original cannot be deleted). It throws only when every counted item failed.
:: NOTE(review): the payload .ps1 comes from New-TemporaryFile (presumably the caller's temp directory) and is
::  later run with -ExecutionPolicy Bypass under the more privileged account; nothing checks it is unchanged
::  between the write and the task start, so that directory must not be writable by less-trusted code.
:: NOTE(review): a Copy-Acl failure is only a warning and the Owner section is never copied, so a '.OLD' key
::  can end up with a different security descriptor than the key it replaces.
:: NOTE(review): after a timeout the loop just breaks; the next check reports LastTaskResult through
::  Write-Error if it is still non-zero, and the finally block deletes the task.
:: NOTE(review): Rename-KeyWithAcl declares only $Old and $New, so the -ErrorAction Stop passed to it is
::  presumably not honoured as a common parameter; the try/catch relies on the function's own throw.
:: Detection: task registration and deletion under this fixed name are visible in Task Scheduler logging
::  (Security events 4698/4699 when that auditing is enabled).
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{0cc6fe25-a88b-480d-956a-a9a20bd2c65a}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{0cc6fe25-a88b-480d-956a-a9a20bd2c65a} as TrustedInstaller
:: Structure of the command below (a single -Command string; "^"" is a batch-escaped double quote):
::  - Invoke-AsTrustedInstaller saves $cmd to a temp file renamed to *.ps1, deletes any leftover task named
::    "privacy.sexy invoke", registers it again and starts it through Schedule.Service RunEx as the account
::    that SID S-1-5-80-956008885-... resolves to. It polls LastTaskResult every 200 ms while the value is
::    267009 (0x41301, task still running), gives up after 5 minutes, prints the captured output file, and
::    removes the task and both temp files in its finally blocks.
::  - $cmd is the payload: Rename-KeyTree appends '.OLD' to each value name, recurses into the subkeys, then
::    renames the key itself via Rename-KeyWithAcl (Copy-Item, Copy-Acl, Remove-Item; the copy is removed
::    again if the original cannot be deleted). It throws only when every counted item failed.
:: NOTE(review): the payload .ps1 comes from New-TemporaryFile (presumably the caller's temp directory) and is
::  later run with -ExecutionPolicy Bypass under the more privileged account; nothing checks it is unchanged
::  between the write and the task start, so that directory must not be writable by less-trusted code.
:: NOTE(review): a Copy-Acl failure is only a warning and the Owner section is never copied, so a '.OLD' key
::  can end up with a different security descriptor than the key it replaces.
:: NOTE(review): after a timeout the loop just breaks; the next check reports LastTaskResult through
::  Write-Error if it is still non-zero, and the finally block deletes the task.
:: NOTE(review): Rename-KeyWithAcl declares only $Old and $New, so the -ErrorAction Stop passed to it is
::  presumably not honoured as a common parameter; the try/catch relies on the function's own throw.
:: Detection: task registration and deletion under this fixed name are visible in Task Scheduler logging
::  (Security events 4698/4699 when that auditing is enabled).
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{0cc6fe25-a88b-480d-956a-a9a20bd2c65a}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{8db6ae56-7ea1-421c-9c22-d3247c12c6c4} as TrustedInstaller
:: Structure of the command below (a single -Command string; "^"" is a batch-escaped double quote):
::  - Invoke-AsTrustedInstaller saves $cmd to a temp file renamed to *.ps1, deletes any leftover task named
::    "privacy.sexy invoke", registers it again and starts it through Schedule.Service RunEx as the account
::    that SID S-1-5-80-956008885-... resolves to. It polls LastTaskResult every 200 ms while the value is
::    267009 (0x41301, task still running), gives up after 5 minutes, prints the captured output file, and
::    removes the task and both temp files in its finally blocks.
::  - $cmd is the payload: Rename-KeyTree appends '.OLD' to each value name, recurses into the subkeys, then
::    renames the key itself via Rename-KeyWithAcl (Copy-Item, Copy-Acl, Remove-Item; the copy is removed
::    again if the original cannot be deleted). It throws only when every counted item failed.
:: NOTE(review): the payload .ps1 comes from New-TemporaryFile (presumably the caller's temp directory) and is
::  later run with -ExecutionPolicy Bypass under the more privileged account; nothing checks it is unchanged
::  between the write and the task start, so that directory must not be writable by less-trusted code.
:: NOTE(review): a Copy-Acl failure is only a warning and the Owner section is never copied, so a '.OLD' key
::  can end up with a different security descriptor than the key it replaces.
:: NOTE(review): after a timeout the loop just breaks; the next check reports LastTaskResult through
::  Write-Error if it is still non-zero, and the finally block deletes the task.
:: NOTE(review): Rename-KeyWithAcl declares only $Old and $New, so the -ErrorAction Stop passed to it is
::  presumably not honoured as a common parameter; the try/catch relies on the function's own throw.
:: Detection: task registration and deletion under this fixed name are visible in Task Scheduler logging
::  (Security events 4698/4699 when that auditing is enabled).
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{8db6ae56-7ea1-421c-9c22-d3247c12c6c4}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{8db6ae56-7ea1-421c-9c22-d3247c12c6c4} as TrustedInstaller
:: How this step works (everything is inside the single PowerShell command below):
::  - Invoke-AsTrustedInstaller writes the inner script to a temporary .ps1 file,
::    registers a scheduled task named "privacy.sexy invoke", starts it under the
::    account the hard-coded SID resolves to (TrustedInstaller), polls every 200 ms
::    for at most 5 minutes while the task result is 267009 (0x41301, task still
::    running), prints the captured output, then deletes the task and both temp files.
::  - The inner script removes nothing permanently: it renames every value, then
::    every subkey, then the key itself by appending ".OLD".
::  - A key rename is a copy, an ACL copy (owner section excluded) and a removal of
::    the original. A failed ACL copy is only a warning, so review the ACL on the
::    ".OLD" key if "Failed to copy ACL" appears in the output.
::  - The inner script throws only when every item failed; a partial failure leaves
::    the tree partly renamed, so read the "Total items" summary line.
:: NOTE(review): the temporary .ps1 runs with TrustedInstaller rights under
:: -ExecutionPolicy Bypass; confirm the caller's temp directory is not writable by
:: less-privileged accounts.
:: NOTE(review): no revert step is visible in this part of the file; undoing the
:: change means renaming the ".OLD" items back by hand.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{8db6ae56-7ea1-421c-9c22-d3247c12c6c4}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{014a1425-828b-482a-a386-5763b23531c3} as TrustedInstaller
:: How this step works (everything is inside the single PowerShell command below):
::  - Invoke-AsTrustedInstaller writes the inner script to a temporary .ps1 file,
::    registers a scheduled task named "privacy.sexy invoke", starts it under the
::    account the hard-coded SID resolves to (TrustedInstaller), polls every 200 ms
::    for at most 5 minutes while the task result is 267009 (0x41301, task still
::    running), prints the captured output, then deletes the task and both temp files.
::  - The inner script removes nothing permanently: it renames every value, then
::    every subkey, then the key itself by appending ".OLD".
::  - A key rename is a copy, an ACL copy (owner section excluded) and a removal of
::    the original. A failed ACL copy is only a warning, so review the ACL on the
::    ".OLD" key if "Failed to copy ACL" appears in the output.
::  - The inner script throws only when every item failed; a partial failure leaves
::    the tree partly renamed, so read the "Total items" summary line.
:: NOTE(review): the temporary .ps1 runs with TrustedInstaller rights under
:: -ExecutionPolicy Bypass; confirm the caller's temp directory is not writable by
:: less-privileged accounts.
:: NOTE(review): no revert step is visible in this part of the file; undoing the
:: change means renaming the ".OLD" items back by hand.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{014a1425-828b-482a-a386-5763b23531c3}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{014a1425-828b-482a-a386-5763b23531c3} as TrustedInstaller
:: How this step works (everything is inside the single PowerShell command below):
::  - Invoke-AsTrustedInstaller writes the inner script to a temporary .ps1 file,
::    registers a scheduled task named "privacy.sexy invoke", starts it under the
::    account the hard-coded SID resolves to (TrustedInstaller), polls every 200 ms
::    for at most 5 minutes while the task result is 267009 (0x41301, task still
::    running), prints the captured output, then deletes the task and both temp files.
::  - The inner script removes nothing permanently: it renames every value, then
::    every subkey, then the key itself by appending ".OLD".
::  - A key rename is a copy, an ACL copy (owner section excluded) and a removal of
::    the original. A failed ACL copy is only a warning, so review the ACL on the
::    ".OLD" key if "Failed to copy ACL" appears in the output.
::  - The inner script throws only when every item failed; a partial failure leaves
::    the tree partly renamed, so read the "Total items" summary line.
:: NOTE(review): the temporary .ps1 runs with TrustedInstaller rights under
:: -ExecutionPolicy Bypass; confirm the caller's temp directory is not writable by
:: less-privileged accounts.
:: NOTE(review): no revert step is visible in this part of the file; undoing the
:: change means renaming the ".OLD" items back by hand.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{014a1425-828b-482a-a386-5763b23531c3}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\Interface\{B066DDE3-445D-45dc-BF2A-BC7BAA74C5C5} as TrustedInstaller
:: How this step works (everything is inside the single PowerShell command below):
::  - Invoke-AsTrustedInstaller writes the inner script to a temporary .ps1 file,
::    registers a scheduled task named "privacy.sexy invoke", starts it under the
::    account the hard-coded SID resolves to (TrustedInstaller), polls every 200 ms
::    for at most 5 minutes while the task result is 267009 (0x41301, task still
::    running), prints the captured output, then deletes the task and both temp files.
::  - The inner script removes nothing permanently: it renames every value, then
::    every subkey, then the key itself by appending ".OLD".
::  - A key rename is a copy, an ACL copy (owner section excluded) and a removal of
::    the original. A failed ACL copy is only a warning, so review the ACL on the
::    ".OLD" key if "Failed to copy ACL" appears in the output.
::  - The inner script throws only when every item failed; a partial failure leaves
::    the tree partly renamed, so read the "Total items" summary line.
:: NOTE(review): the temporary .ps1 runs with TrustedInstaller rights under
:: -ExecutionPolicy Bypass; confirm the caller's temp directory is not writable by
:: less-privileged accounts.
:: NOTE(review): no revert step is visible in this part of the file; undoing the
:: change means renaming the ".OLD" items back by hand.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\Interface\{B066DDE3-445D-45dc-BF2A-BC7BAA74C5C5}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{B066DDE3-445D-45dc-BF2A-BC7BAA74C5C5} as TrustedInstaller
:: How this step works (everything is inside the single PowerShell command below):
::  - Invoke-AsTrustedInstaller writes the inner script to a temporary .ps1 file,
::    registers a scheduled task named "privacy.sexy invoke", starts it under the
::    account the hard-coded SID resolves to (TrustedInstaller), polls every 200 ms
::    for at most 5 minutes while the task result is 267009 (0x41301, task still
::    running), prints the captured output, then deletes the task and both temp files.
::  - The inner script removes nothing permanently: it renames every value, then
::    every subkey, then the key itself by appending ".OLD".
::  - A key rename is a copy, an ACL copy (owner section excluded) and a removal of
::    the original. A failed ACL copy is only a warning, so review the ACL on the
::    ".OLD" key if "Failed to copy ACL" appears in the output.
::  - The inner script throws only when every item failed; a partial failure leaves
::    the tree partly renamed, so read the "Total items" summary line.
:: NOTE(review): the temporary .ps1 runs with TrustedInstaller rights under
:: -ExecutionPolicy Bypass; confirm the caller's temp directory is not writable by
:: less-privileged accounts.
:: NOTE(review): no revert step is visible in this part of the file; undoing the
:: change means renaming the ".OLD" items back by hand.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{B066DDE3-445D-45dc-BF2A-BC7BAA74C5C5}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----Disable all Security and Maintenance notifications----
:: ----------------------------------------------------------
:: Section overview: the five commands that follow soft-delete, by renaming with a
:: ".OLD" suffix, the "Providers" and "Checks" registry keys of Security and
:: Maintenance and of Action Center (one key under HKLM, four under HKCU).
:: Security note: the stated goal is to turn off Security and Maintenance
:: notifications, so warnings raised through that channel are presumably no longer
:: shown to the user. Keep another alerting path in place, and treat an unexpected
:: ".OLD" copy of these keys as a sign that this tweak was applied to the machine.
echo --- Disable all Security and Maintenance notifications
:: Soft-delete the registry key: HKLM\Software\Microsoft\Windows\CurrentVersion\Security and Maintenance\Providers as TrustedInstaller
:: How this command works (one cmd command; the PowerShell text uses caret-escaped quotes):
::  1. Invoke-AsTrustedInstaller resolves the TrustedInstaller service SID
::     (S-1-5-80-956008885-...) to an account name, writes the script held in $cmd
::     to a temporary .ps1 file, registers a scheduled task named
::     "privacy.sexy invoke" and starts it through the Schedule.Service COM object
::     under that account.
::  2. It polls every 200 ms while LastTaskResult is 267009 (0x41301, task still
::     running), stops waiting after 5 minutes, reports a non-zero result with
::     Write-Error, deletes the task, prints the captured output and removes both
::     temporary files.
::  3. The script in $cmd renames every value and subkey under $rawPath, then the key
::     itself, by appending ".OLD" (Rename-KeyTree). A key rename is implemented as
::     copy, ACL copy without the Owner section, then delete (Rename-KeyWithAcl and
::     Copy-Acl).
:: Security notes:
::  - The payload is staged on disk and then executed as TrustedInstaller with
::    -ExecutionPolicy Bypass. NOTE(review): New-TemporaryFile presumably uses the
::    temp directory of the elevated account; confirm that directory is not writable
::    by less-privileged accounts, because the file is executed after it is written.
::  - A failed ACL copy only produces a warning, so the ".OLD" key can end up with
::    different permissions than the original key.
::  - Partial failures only show as warnings; the inner script throws only when every
::    item failed, and this line does not check the exit code.
::  - For monitoring: creation and deletion of the task "privacy.sexy invoke" and the
::    rename of this key are the observable traces of this step.
::  - To undo, rename the key, its subkeys and its values back without ".OLD".
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Microsoft\Windows\CurrentVersion\Security and Maintenance\Providers'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKCU\Software\Microsoft\Windows\CurrentVersion\Security and Maintenance\Checks 
:: Soft-delete for the HKCU hive, run directly in this PowerShell process.
::  - Rename-KeyTree renames each value under $rawPath, recurses into the subkeys,
::    then renames the key itself, always by appending ".OLD"; names that already
::    end in ".OLD" are skipped and counted.
::  - Rename-KeyWithAcl implements the key rename as copy, ACL copy (all sections
::    except Owner), delete; if the delete fails, the copy is removed again and the
::    error is rethrown.
:: Review notes:
::  - HKCU is the hive of the account running this script. The script requires
::    administrator rights, so if elevation used a different account than the
::    signed-in user, that user's settings are presumably left unchanged - verify.
::  - A failed ACL copy is only a warning, so the ".OLD" key may not carry the
::    original permissions.
::  - Mixed results (some renamed, some failed) end with a success message; only the
::    warnings show the failures, and the exit code is not checked on this line.
::  - NOTE(review): Rename-KeyWithAcl is a plain function, so the "-ErrorAction Stop"
::    passed to it is presumably not applied as a common parameter; errors reach the
::    caller through its throw statements.
::  - To undo, rename the key, subkeys and values back without the ".OLD" suffix.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKCU\Software\Microsoft\Windows\CurrentVersion\Security and Maintenance\Checks'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 'Successfully 
renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: Soft-delete the registry key: HKCU\Software\Microsoft\Windows\CurrentVersion\Security and Maintenance\Providers 
:: Soft-delete of the per-user "Security and Maintenance\Providers" key: values,
:: subkeys and finally the key itself get ".OLD" appended (Rename-KeyTree); the key
:: rename is a copy, an ACL copy without the Owner section, then a delete of the
:: original (Rename-KeyWithAcl and Copy-Acl).
:: Review notes:
::  - HKCU resolves to the hive of the account running the script, which is not
::    necessarily the signed-in user when elevation used another account - verify.
::  - If the ACL copy fails, only a warning is printed and the ".OLD" key keeps
::    whatever permissions the copy received.
::  - The final summary throws only when every item failed; this line does not check
::    the exit code, so partial failures need to be read from the warnings.
::  - To undo, rename the key, subkeys and values back without the ".OLD" suffix.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKCU\Software\Microsoft\Windows\CurrentVersion\Security and Maintenance\Providers'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 'Successfully 
renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: Soft-delete the registry key: HKCU\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks 
:: Soft-delete of the per-user "Action Center\Checks" key. A key that does not exist
:: is counted as skipped and the command reports that the operation had no effect.
:: Otherwise values, subkeys and the key itself are renamed with a ".OLD" suffix;
:: the key rename is copy, ACL copy without the Owner section, then delete.
:: Review notes:
::  - HKCU resolves to the hive of the account running the script - verify that this
::    is the intended user when elevation used another account.
::  - An ACL copy failure is only a warning, so permissions on the ".OLD" key may
::    differ from the original.
::  - The exit code is not checked on this line; partial failures appear only as
::    warnings in the output.
::  - To undo, rename the key, subkeys and values back without the ".OLD" suffix.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKCU\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 'Successfully renamed.'; 
$global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: Soft-delete the registry key: HKCU\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers 
:: Soft-delete of the per-user "Action Center\Providers" key: every value and subkey,
:: then the key itself, is renamed by appending ".OLD". If the target name already
:: exists, the suffix is appended again until the name is free.
:: Review notes:
::  - HKCU resolves to the hive of the account running the script - verify that this
::    is the intended user when elevation used another account.
::  - The key rename is copy, ACL copy without the Owner section, then delete; a
::    failed ACL copy is only a warning, so the ".OLD" key may not carry the original
::    permissions.
::  - The exit code is not checked on this line; partial failures appear only as
::    warnings in the output.
::  - To undo, rename the key, subkeys and values back without the ".OLD" suffix.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKCU\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 'Successfully renamed.'; 
$global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------Disable all Windows Security notifications--------
:: ----------------------------------------------------------
:: Section overview: the commands in this section write DisableNotifications and
:: Enabled registry values for Windows Security and soft-delete (rename with a ".OLD"
:: suffix) Windows.SystemToast.SecurityCenter keys.
:: Security note: the stated goal is to turn off all Windows Security notifications,
:: so protection alerts are presumably no longer shown to the user. Make sure alerts
:: are still collected through another channel, and treat these values or ".OLD" keys
:: as evidence of this tweak when they appear on a machine where it was not intended.
echo --- Disable all Windows Security notifications
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications!DisableNotifications"
:: Writes the machine-wide policy value DisableNotifications = 1 (REG_DWORD) with
:: reg add; /f overwrites an existing value without prompting.
:: Review notes:
::  - $registryPath is assigned but never used; reg add receives the key path as a
::    separate literal, so the two copies must be kept in sync by hand.
::  - The exit code of reg add is not checked, so a failed write is only visible in
::    the console output.
::  - The value sits under the Policies branch and belongs to the section that
::    disables Windows Security notifications. Flag it when it appears unexpectedly;
::    to undo, delete the DisableNotifications value from this key.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications' /v 'DisableNotifications' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications!DisableNotifications"
:: Writes DisableNotifications = 1 (REG_DWORD) to the non-policy Windows Defender
:: Security Center key under HKLM; /f overwrites an existing value without prompting.
:: Review notes:
::  - $registryPath is assigned but never used; reg add receives the key path as a
::    separate literal.
::  - The exit code of reg add is not checked, so a failed write is only visible in
::    the console output.
::  - This is the same value name as the policy setting written by the preceding
::    command, stored outside the Policies branch. Flag it when it appears
::    unexpectedly; to undo, delete the DisableNotifications value from this key.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications' /v 'DisableNotifications' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityCenter!Enabled"
:: Writes Enabled = 0 (REG_DWORD) to the per-user notification settings key of
:: Windows.SystemToast.SecurityCenter; /f overwrites an existing value without
:: prompting.
:: Review notes:
::  - HKCU is the hive of the account running this script, which is not necessarily
::    the signed-in user when elevation used another account - verify.
::  - $registryPath is assigned but never used, and the exit code of reg add is not
::    checked.
::  - To undo, delete the Enabled value from this key or set it back to its previous
::    data; the previous data is not saved by this command.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityCenter'; $data =  '0'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityCenter' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Soft-delete the registry key: HKLM\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.SecurityCenter as TrustedInstaller
:: Soft-delete of the HKLM push-notification registration of
:: Windows.SystemToast.SecurityCenter, executed as TrustedInstaller.
::  - Invoke-AsTrustedInstaller writes the script held in $cmd to a temporary .ps1
::    file, registers the scheduled task "privacy.sexy invoke", starts it under the
::    account resolved from the TrustedInstaller service SID, waits up to 5 minutes
::    while LastTaskResult is 267009 (0x41301, task still running), then deletes the
::    task, prints the captured output and removes the temporary files.
::  - The script in $cmd renames all values and subkeys of $rawPath and then the key
::    itself by appending ".OLD"; the key rename is copy, ACL copy without the Owner
::    section, then delete.
:: Security notes:
::  - The staged .ps1 is executed with -ExecutionPolicy Bypass under TrustedInstaller.
::    NOTE(review): confirm the directory used by New-TemporaryFile is not writable by
::    less-privileged accounts, because the file is executed after it is written.
::  - A failed ACL copy is only a warning, so the ".OLD" key may not carry the
::    original permissions.
::  - A non-zero task result is reported with Write-Error only, and this line does not
::    check the exit code.
::  - For monitoring: creation and deletion of the task "privacy.sexy invoke" and the
::    rename of this key are the observable traces of this step.
::  - To undo, rename the key, its subkeys and its values back without ".OLD".
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.SystemToast.SecurityCenter'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) 
{'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host 
"^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SecurityCenter 
:: "Soft delete" means rename, not removal. Rename-KeyTree appends the '.OLD' suffix to every
:: value name, recurses into the subkeys, then renames the key itself. A missing key is only
:: counted as skipped, and names that already end in '.OLD' are left alone.
::   - Rename-KeyWithAcl copies the key recursively to the new name, runs Copy-Acl, then removes
::     the old key. If that removal fails it deletes the fresh copy and rethrows.
::   - Copy-Acl re-applies each key's security descriptor without the Owner section, so the
::     renamed key presumably stays owned by the account that created the copy.
::   - A failed ACL copy is only a warning; the rename continues.
::   - An existing KEY.OLD is never overwritten: the suffix is appended again until the name is free.
:: Runs inline in this elevated session, so HKCU is the hive of the account the script runs as.
:: To restore, rename the key and its values back without the '.OLD' suffix.
:: NOTE(review): Rename-KeyWithAcl is a plain function, so the -ErrorAction Stop given at its
:: call site appears to have no effect; failures surface through its own throw statements.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.SecurityCenter'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; 
Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---Disable non-critical Windows Security notifications----
:: ----------------------------------------------------------
:: Progress marker only: prints the step name to the console and changes no setting itself.
echo --- Disable non-critical Windows Security notifications
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications!DisableEnhancedNotifications"
:: Sets DisableEnhancedNotifications (REG_DWORD) to 1 under the Windows Defender Security
:: Center Notifications key; /f overwrites an existing value without asking.
:: Only a notification setting is written here; check protection state separately when auditing.
:: To undo, remove the value: reg delete on this key with /v DisableEnhancedNotifications /f.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications'; $data = '1'; reg add $registryPath /v 'DisableEnhancedNotifications' /t 'REG_DWORD' /d $data /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications!DisableEnhancedNotifications"
:: Policy-hive counterpart of the same setting: DisableEnhancedNotifications (REG_DWORD) = 1
:: under HKLM\SOFTWARE\Policies. /f overwrites an existing value without asking.
:: Values under Policies can be rewritten or removed by a Group Policy refresh on managed
:: machines, so this change may not persist there (verify against the domain policy).
:: To undo, remove the value: reg delete on this key with /v DisableEnhancedNotifications /f.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications'; $data = '1'; reg add $registryPath /v 'DisableEnhancedNotifications' /t 'REG_DWORD' /d $data /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting!DisableEnhancedNotifications"
:: Sets DisableEnhancedNotifications (REG_DWORD) to 1 under the Windows Defender Reporting
:: policy key; /f overwrites an existing value without asking.
:: Lives under HKLM\SOFTWARE\Policies, so a Group Policy refresh on managed machines can
:: rewrite or remove it (verify against the domain policy).
:: To undo, remove the value: reg delete on this key with /v DisableEnhancedNotifications /f.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting'; $data = '1'; reg add $registryPath /v 'DisableEnhancedNotifications' /t 'REG_DWORD' /d $data /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable Windows Security taskbar notifications------
:: ----------------------------------------------------------
:: Progress marker only: prints the step name to the console and changes no setting itself.
echo --- Disable Windows Security taskbar notifications
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\AppUserModelId\Windows.SystemToast.SecurityCenter as TrustedInstaller
:: Two parts: Invoke-AsTrustedInstaller (the privilege hop) and $cmd (the soft-delete payload).
::
:: Invoke-AsTrustedInstaller writes $cmd to a temporary .ps1, registers a scheduled task named
:: 'privacy.sexy invoke' and starts it through Schedule.Service RunEx under the account that
:: SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to (the
:: TrustedInstaller service). The staged script runs with -ExecutionPolicy Bypass and its
:: output goes to a second temp file that is printed once the task is done.
::   - The loop polls LastTaskResult while it equals 267009 (0x41301, task still running) for
::     at most 5 minutes; on timeout it warns, and the non-zero result is reported by Write-Error.
::   - finally blocks delete the task and remove both temp files even when the run fails.
::   - Audit trail: the task is registered and deleted within one run. Security events
::     4698/4699 and the TaskScheduler operational log record this when that auditing is on.
:: NOTE(review): the payload sits in a temp file between Out-File and the task start and then
:: runs under the service account; confirm that only administrators can write to that temp
:: directory.
::
:: $cmd is built from single-quoted lines joined with CRLF. It renames rather than removes:
:: every value name and subkey under $rawPath gets the '.OLD' suffix, then the key itself is
:: copied to KEY.OLD with its ACL (Owner section excluded) and the original is removed. Missing
:: keys and names that already end in '.OLD' are counted as skipped.
:: To restore, rename the key and its values back without the suffix; judging by this hop,
:: that likely needs the same privilege level.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\AppUserModelId\Windows.SystemToast.SecurityCenter'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\AppUserModelId\Windows.Defender.SecurityCenter as TrustedInstaller
:: Same routine as the other TrustedInstaller soft-deletes in this script; only $rawPath differs.
:: Invoke-AsTrustedInstaller stages $cmd as a temporary .ps1, registers the scheduled task
:: 'privacy.sexy invoke', runs it via Schedule.Service RunEx under the account resolved from
:: SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464, waits up to 5 minutes
:: while LastTaskResult is 267009 (0x41301, task still running), prints the captured output,
:: then deletes the task and both temp files in finally blocks.
:: $cmd renames instead of deleting: values and subkeys of the target get the '.OLD' suffix,
:: then the key is copied to KEY.OLD with its ACL (Owner section excluded) and the original
:: removed. A failed ACL copy only produces a warning.
:: Result reporting: the payload throws only when every item failed; partial failures show up
:: as warnings and in the 'Failed:' count, so read the printed totals rather than the exit state.
:: NOTE(review): the staged .ps1 runs under the service account with -ExecutionPolicy Bypass;
:: confirm the temp directory it is written to is writable by administrators only.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\AppUserModelId\Windows.Defender.SecurityCenter'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable Defender Antivirus push notifications-------
:: ----------------------------------------------------------
:: Progress marker only: prints the step name to the console and changes no setting itself.
echo --- Disable Defender Antivirus push notifications
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration!Notification_Suppress"
:: Sets Notification_Suppress (REG_DWORD) to 1 under the Windows Defender UX Configuration
:: policy key; /f overwrites an existing value without asking.
:: Lives under HKLM\SOFTWARE\Policies, so a Group Policy refresh on managed machines can
:: rewrite or remove it (verify against the domain policy).
:: To undo, remove the value: reg delete on this key with /v Notification_Suppress /f.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration'; $data = '1'; reg add $registryPath /v 'Notification_Suppress' /t 'REG_DWORD' /d $data /f"
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.Defender!Enabled"
:: Sets Enabled (REG_DWORD) to 0 under the per-user Notifications\Settings\Windows.Defender key;
:: /f overwrites an existing value without asking.
:: HKCU is the hive of the account this elevated script runs as. If elevation used different
:: credentials, that is not the logged-on user's hive (confirm which profile was changed).
:: To undo, remove the value: reg delete on this key with /v Enabled /f.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.Defender'; $data = '0'; reg add $registryPath /v 'Enabled' /t 'REG_DWORD' /d $data /f"
:: Soft-delete the registry key: HKLM\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.Defender as TrustedInstaller
:: Soft-deletes (renames with a '.OLD' suffix) the key named in $rawPath, running the work under
:: the TrustedInstaller service account instead of the elevated admin session.
:: Privilege hop: Invoke-AsTrustedInstaller writes $cmd to a temporary .ps1, registers the
:: scheduled task 'privacy.sexy invoke', starts it via Schedule.Service RunEx as the account
:: resolved from SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464, and polls
:: LastTaskResult while it is 267009 (0x41301, task still running) for up to 5 minutes. Output
:: is captured to a temp file and printed; the task and both temp files are removed in finally.
:: Payload: Rename-KeyTree renames each value, recurses into subkeys, then renames the key via
:: copy, ACL copy (Owner section excluded) and removal of the original. An existing KEY.OLD is
:: kept; the suffix is appended again until the name is free.
:: Audit trail: a short-lived scheduled task plus nested powershell.exe launches. Security
:: events 4698/4699 record the task create/delete when that auditing is enabled.
:: NOTE(review): confirm that the temp directory holding the staged .ps1 is writable by
:: administrators only, since the file runs under the service account.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\Windows.Defender'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host 
"^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to 
''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.Defender 
:: Soft-deletes the per-user key in $rawPath by renaming, inline in this elevated session.
:: Flow: $rawPath is turned into a PowerShell drive path (a colon is inserted after the hive
:: name), then Rename-KeyTree appends '.OLD' to each value name, recurses into subkeys and
:: finally renames the key through Rename-KeyWithAcl (copy, ACL copy, remove original).
::   - Missing keys and names already ending in '.OLD' only increment the skip counter.
::   - If removing the original fails, the new copy is deleted again and the error rethrown.
::   - Copy-Acl leaves out the Owner section; a failed ACL copy is reported as a warning only.
::   - The script throws only when every item failed; otherwise read the printed totals.
:: HKCU is the hive of the account the script runs as. If elevation used different
:: credentials, the logged-on user's profile is not the one modified (confirm on the host).
:: To restore, rename the key and its values back without the '.OLD' suffix.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.Defender'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 
'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable Defender Antivirus reboot notifications------
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus reboot notifications
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration!SuppressRebootNotification"
:: NOTE(review): $registryPath is assigned but never read; reg add repeats the literal key path, and /f overwrites any existing value without prompting.
:: Security trade-off: presumably hides the restart prompt Defender raises when a remediation needs a reboot, so a pending cleanup can go unnoticed - confirm against the policy documentation.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration' /v 'SuppressRebootNotification' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable Defender Antivirus taskbar notifications-----
:: ----------------------------------------------------------
echo --- Disable Defender Antivirus taskbar notifications
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\AppUserModelId\Microsoft.Windows.Defender 
:: Review note: renames (does not delete) the machine-wide key in $rawPath, its values and its subkeys by appending '.OLD'.
::  - The key rename is copy, ACL copy (all sections except Owner), delete of the original. If the ACL copy fails only a warning is written and the original is still deleted, so the '.OLD' key may not carry the original permissions.
::  - The while loop keeps appending '.OLD' until the target name is free, so an earlier backup key is never overwritten; a rollback has to account for names such as '.OLD.OLD'.
::  - The command throws only when every counted item failed; mixed results are reported through the warnings and the printed totals.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKLM\SOFTWARE\Classes\AppUserModelId\Microsoft.Windows.Defender'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 'Successfully renamed.'; 
$global:ok++; } catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\AppUserModelId\Windows.Defender 
:: Review note: soft delete by rename of the key in $rawPath. $hive is the text before the first backslash and is turned into a PowerShell drive path (HKLM:\...) before Rename-KeyTree runs.
::  - A key that does not exist is counted as skipped and the command reports that nothing was processed.
::  - Values are renamed in place with Rename-ItemProperty; the key itself is renamed through Copy-Item followed by Remove-Item, with the ACL (minus the Owner section) re-applied in between.
::  - NOTE(review): a failed ACL copy is downgraded to a warning before the original key is removed; check the permissions on the resulting '.OLD' key if that warning appears.
PowerShell -ExecutionPolicy Unrestricted -Command "function Copy-Acl($Src, $Dst) { $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue); foreach ($key in $srcKeys) { $dstKey = Join-Path $Dst $key.PSChildName; Copy-Acl -Src $key.PSPath -Dst $dstKey; }; $acl = Get-Acl -Path $Src -ErrorAction Stop; $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner); $sddl = $acl.GetSecurityDescriptorSddlForm($sections); $acl.SetSecurityDescriptorSddlForm($sddl, $sections); Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop; }; function Rename-KeyWithAcl($Old, $New) { try { Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop; } catch { throw "^""Failed to copy: $_"^""; }; try { Copy-Acl -Src $Old -Dst $New; } catch { Write-Warning "^""Failed to copy ACL: $_"^""; }; try { Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null; } catch { try { Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null; } catch { Write-Warning "^""Failed to clean up: $_"^""; }; throw "^""Failed to remove: $_"^""; }; }; $rawPath='HKLM\SOFTWARE\Classes\AppUserModelId\Windows.Defender'; $suffix='.OLD'; $global:ok = 0; $global:skip = 0; $global:fail = 0; function Rename-KeyTree($Path) { Write-Host "^""Processing key: $Path"^""; if (-Not (Test-Path -LiteralPath $Path)) { Write-Host 'Skipping: Key does not exist.'; $global:skip++; return; }; $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property); foreach ($value in $values) { Write-Host "^""Renaming '$value'"^""; if ($value.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; continue; }; $backupName = $value + $suffix; Write-Host "^""Renaming to '$backupName'."^""; try { Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } 
catch { Write-Warning "^""Failed to rename value: $_"^""; $global:fail++; }; }; $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue); foreach ($key in $subkeys) { Rename-KeyTree $key.PSPath; }; Write-Host "^""Renaming key '$Path'."^""; if ($Path.EndsWith($suffix)) { Write-Host 'Skipping: Has suffix.'; $global:skip++; } else { $backupPath = $Path + $suffix; while (Test-Path -LiteralPath $backupPath) { $backupPath += $suffix; }; Write-Host "^""Renaming to '$backupPath'."^""; try { Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop; Write-Host 'Successfully renamed.'; $global:ok++; } catch { Write-Warning "^""Failed to rename: $_"^""; $global:fail++; }; }; }; Write-Host "^""Soft deleting registry key '$rawPath' recursively."^""; $hive = $rawPath.Split('\')[0]; $path = $hive + ':' + $rawPath.Substring($hive.Length); Rename-KeyTree $path; $totalItems = $global:ok + $global:skip + $global:fail; Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""; if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) { Write-Host 'No items were processed. The operation had no effect.'; } elseif ($global:fail -eq $totalItems) { throw "^""Operation failed. All $global:fail items could not be processed."^""; } elseif ($global:ok) { Write-Host "^""Successfully processed $global:ok item(s)."^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --Disable Windows Update hardware information collection--
:: ----------------------------------------------------------
echo --- Disable Windows Update hardware information collection
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata!PreventDeviceMetadataFromNetwork"
:: Writes PreventDeviceMetadataFromNetwork=1 (REG_DWORD) under the non-policy Device Metadata key; /f overwrites silently.
:: NOTE(review): $registryPath is set but never used, and nothing on this line inspects the result of reg add, so a failed write is not reported here.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata' /v 'PreventDeviceMetadataFromNetwork' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\Device Metadata!PreventDeviceMetadataFromNetwork"
:: Writes PreventDeviceMetadataFromNetwork=1 under the Policies branch.
:: NOTE(review): presumably a Group Policy refresh on a managed machine can overwrite or remove a value written here by hand - confirm before relying on it.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Device Metadata'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Device Metadata' /v 'PreventDeviceMetadataFromNetwork' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DeviceSetupManager/Admin!Enabled"
:: Sets Enabled=0 on the Microsoft-Windows-DeviceSetupManager/Admin event channel key.
:: Security trade-off: presumably the channel stops recording events once the setting is picked up, which removes a source of evidence for later troubleshooting or incident review - confirm, and note it in the change record.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DeviceSetupManager/Admin'; $data =  '0'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DeviceSetupManager/Admin' /v 'Enabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata!DeviceMetadataServiceURL"
:: Replaces DeviceMetadataServiceURL (REG_SZ) with a loopback address, so lookups that use this value presumably fail locally instead of leaving the machine.
:: NOTE(review): the URL is plain http on the default port; if anything on this host listens on 127.0.0.1:80 it would receive those requests - confirm no local web service is expected to.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata'; $data =  'http://127.0.0.1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata' /v 'DeviceMetadataServiceURL' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\DeviceMetadataRetrievalClient.dll" with additional permissions 
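:: One PowerShell command (restored to a single physical line) that soft-deletes DeviceMetadataRetrievalClient.dll by renaming it to *.OLD:
::  1. Compiles a small C# helper with Add-Type and enables SeRestorePrivilege and SeTakeOwnershipPrivilege on this process token.
::  2. For each matching file: saves the current ACL, sets the owner to the account behind SID S-1-5-32-544 and adds an Allow FullControl rule for it, moves the file, then re-applies the saved ACL to the renamed file (or to the original path if the move failed).
::  3. Prints the counters and switches both privileges off again.
:: Fix: a file that is no longer present when its turn comes now skips to the next item (continue), like the other skip branches. It used to call exit 0, which ended the run before the remaining items, the summary and the privilege removal.
:: NOTE(review): $revert is never assigned in this command, so only the rename-to-.OLD branch runs. AddPrivilege and RemovePrivilege return only the AdjustTokenPrivileges result, overwrite the results of OpenProcessToken and LookupPrivilegeValue, and never close the token handle.
:: NOTE(review): this changes ownership and permissions on a System32 file that the inline comment says is owned by TrustedInstaller. Presumably servicing or integrity-repair tools can restore the file - confirm, and record the rename so it can be rolled back.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\DeviceMetadataRetrievalClient.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"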
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------Disable Windows Update driver downloads----------
:: ----------------------------------------------------------
echo --- Disable Windows Update driver downloads
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!ExcludeWUDriversInQualityUpdate"
:: Writes ExcludeWUDriversInQualityUpdate=1 under the Windows Update policy key; $registryPath is set but unused and /f overwrites silently.
:: Security trade-off: drivers delivered through Windows Update can carry security fixes; with this set they presumably have to be obtained from the hardware vendor by hand - confirm and plan for it.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' /v 'ExcludeWUDriversInQualityUpdate' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings!ExcludeWUDriversInQualityUpdate"
:: Writes ExcludeWUDriversInQualityUpdate=1 under WindowsUpdate\UX\Settings.
:: NOTE(review): looks like the stored state behind the Windows Update settings UI - confirm; the result of reg add is not inspected on this line.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings' /v 'ExcludeWUDriversInQualityUpdate' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState!ExcludeWUDrivers"
:: Writes ExcludeWUDrivers=1 under UpdatePolicy\PolicyState (note the shorter value name on this key).
:: NOTE(review): PolicyState looks like data Windows Update derives from the effective policy, so a direct write may be recomputed by the OS - confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState' /v 'ExcludeWUDrivers' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate!value"
:: Here the policy name is the last key segment and the entry written is literally named 'value' (REG_DWORD 1).
:: NOTE(review): PolicyManager\default presumably describes policy defaults rather than the active setting - confirm that writing it has the intended effect.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate' /v 'value' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Update!ExcludeWUDriversInQualityUpdate"
:: Writes ExcludeWUDriversInQualityUpdate=1 under PolicyManager\current\device\Update.
:: NOTE(review): presumably this branch is maintained by device management (MDM); on an enrolled machine the next policy sync may replace the value - confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Update'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Update' /v 'ExcludeWUDriversInQualityUpdate' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update!ExcludeWUDriversInQualityUpdate"
:: Writes ExcludeWUDriversInQualityUpdate=1 as a value directly on PolicyManager\default\Update.
:: NOTE(review): $registryPath is assigned but never read; /f replaces whatever data was there, so capture the previous value first if a rollback is needed.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update' /v 'ExcludeWUDriversInQualityUpdate' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\WindowsUpdate!ExcludeWUDriversInQualityUpdate"
:: Writes ExcludeWUDriversInQualityUpdate=1 under the non-policy Microsoft\Windows\WindowsUpdate key.
:: NOTE(review): whether Windows reads this location for the setting is not evident from this line - confirm; reg add creates the key if it does not exist.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\WindowsUpdate'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\WindowsUpdate' /v 'ExcludeWUDriversInQualityUpdate' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----------Disable Windows Update driver search-----------
:: ----------------------------------------------------------
echo --- Disable Windows Update driver search
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching!SearchOrderConfig"
:: Sets SearchOrderConfig=0 (REG_DWORD) under CurrentVersion\DriverSearching; presumably 0 means Windows Update is not searched for drivers - confirm.
:: NOTE(review): $registryPath is unused and /f overwrites the current data without a backup.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching'; $data =  '0'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching' /v 'SearchOrderConfig' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\DriverSearching!SearchOrderConfig"
:: Sets SearchOrderConfig=2 under the Policies branch.
:: NOTE(review): the data is 2 here while the CurrentVersion\DriverSearching write in this section uses 0; presumably the policy value uses a different encoding - confirm both values mean "do not search".
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DriverSearching'; $data =  '2'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DriverSearching' /v 'SearchOrderConfig' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----Disable Windows Update driver installation wizard-----
:: ----------------------------------------------------------
echo --- Disable Windows Update driver installation wizard
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DriverUpdateWizardWuSearchEnabled"
:: Sets DriverUpdateWizardWuSearchEnabled=0 under the Policies branch; $registryPath is set but never read.
:: NOTE(review): presumably a Group Policy refresh can overwrite a hand-written value in this branch - confirm on managed machines.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows\DriverSearching'; $data =  '0'; reg add 'HKLM\Software\Policies\Microsoft\Windows\DriverSearching' /v 'DriverUpdateWizardWuSearchEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\Software\Microsoft\Windows\CurrentVersion\DriverSearching!DriverUpdateWizardWuSearchEnabled"
:: Sets DriverUpdateWizardWuSearchEnabled=0 under CurrentVersion\DriverSearching (non-policy location).
:: NOTE(review): the result of reg add is not inspected on this line, so a failed write goes unreported.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Microsoft\Windows\CurrentVersion\DriverSearching'; $data =  '0'; reg add 'HKLM\Software\Microsoft\Windows\CurrentVersion\DriverSearching' /v 'DriverUpdateWizardWuSearchEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\Software\Microsoft\Windows\DriverSearching!DriverUpdateWizardWuSearchEnabled"
:: Sets DriverUpdateWizardWuSearchEnabled=0 under Microsoft\Windows\DriverSearching.
:: NOTE(review): whether Windows reads this third location is not evident from this line - confirm; reg add creates the key if it is missing.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Microsoft\Windows\DriverSearching'; $data =  '0'; reg add 'HKLM\Software\Microsoft\Windows\DriverSearching' /v 'DriverUpdateWizardWuSearchEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable Windows Update fallback driver search-------
:: ----------------------------------------------------------
echo --- Disable Windows Update fallback driver search
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchWindowsUpdate"
:: Sets DontSearchWindowsUpdate=1 under the DriverSearching policy key; $registryPath is unused and /f overwrites silently.
:: Security trade-off: presumably devices without a local driver stay without one (or on an old one) until a driver is installed by hand - confirm and keep a vendor source for driver security fixes.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows\DriverSearching'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows\DriverSearching' /v 'DontSearchWindowsUpdate' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable Windows Update driver download server-------
:: ----------------------------------------------------------
echo --- Disable Windows Update driver download server
:: Set the registry value: "HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DriverServerSelection"
:: Sets DriverServerSelection=1 under the DriverSearching policy key.
:: NOTE(review): what data 1 selects is not evident from this line - confirm against the policy documentation before relying on it; $registryPath is assigned but never read.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Policies\Microsoft\Windows\DriverSearching'; $data =  '1'; reg add 'HKLM\Software\Policies\Microsoft\Windows\DriverSearching' /v 'DriverServerSelection' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable "Windows Update" (`wuauserv`) service-------
:: ----------------------------------------------------------
echo --- Disable "Windows Update" (`wuauserv`) service
:: Disable service(s): `wuauserv`
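:: Stops and disables the wuauserv service in four steps: skip if the service is absent, stop it if running, skip if already disabled, then Set-Service -StartupType Disabled.
:: The start type is read from the service object first and from WMI (Win32_Service.StartMode) when that property is empty.
:: Fixes: the "could not be not found" message now reads "could not be found", and the final catch exits with code 1 so a failed disable is reported through the exit code.
:: Security trade-off: with wuauserv disabled the machine presumably stops receiving OS security updates through Windows Update until the service is re-enabled - plan another patch channel and record the change.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'wuauserv'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; Exit 1; }"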
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable "Update Orchestrator Service" (`UsoSvc`)-----
:: ----------------------------------------------------------
echo --- Disable "Update Orchestrator Service" (`UsoSvc`)
:: Disable service(s): `UsoSvc`
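:: Stops and disables the UsoSvc service: skip if absent, stop if running (a failed stop is only a warning), skip if already disabled, then Set-Service -StartupType Disabled.
:: Fixes: the "could not be not found" message now reads "could not be found", and the final catch exits with code 1 so a failed disable is reported through the exit code.
:: Security trade-off: presumably update scanning and installation are no longer scheduled while this service is disabled, so security patches stop arriving on their own - confirm and plan another patch channel.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'UsoSvc'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; Exit 1; }"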
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -Disable "Windows Update Medic Service" (`WaaSMedicSvc`)--
:: ----------------------------------------------------------
echo --- Disable "Windows Update Medic Service" (`WaaSMedicSvc`)
:: Disable the service `WaaSMedicSvc` 
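:: Disables WaaSMedicSvc (command restored to a single physical line): requests a stop with Stop-Service -NoWait because $stopWithDependencies is false, then sets Start=4 directly under HKLM:\SYSTEM\CurrentControlSet\Services\SERVICENAME instead of calling Set-Service.
:: Fix: the message for a missing registry key said "cannot enable it" although this command disables the service; it now says "cannot disable it".
:: NOTE(review): with -NoWait the "Stopped ... successfully" message is printed once the stop has been requested, not once the service has actually stopped. The registry write takes effect at the next start, as the success message states.
:: Security trade-off: presumably this service repairs Windows Update components; with it disabled a broken update stack is not healed automatically - confirm, and pair the change with another patch channel.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceQuery = 'WaaSMedicSvc'; $stopWithDependencies= $false; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""; Exit 0; }; $serviceName = $service.Name; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""; try { Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""; $stopParams = @{ Name = $ServiceName; Force = $true; ErrorAction = 'Stop'; }; if (-not $stopWithDependencies) { $stopParams['NoWait'] = $true; }; Stop-Service @stopParams; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { if ($_.FullyQualifiedErrorId -eq 'CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand') { Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""; } else { Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""; }; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if service info is not found in registry #>; $registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""; if (-Not (Test-Path $registryKey)) { Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot disable it."^""; Exit 0; }; <# -- 4. Skip if already disabled #>; if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) { Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""; Exit 0; }; <# -- 5. Disable service #>; try { Set-ItemProperty -LiteralPath $registryKey -Name "^""Start"^"" -Value 4 -ErrorAction Stop; Write-Host 'Successfully disabled the service. It will not start automatically on next boot.'; } catch { Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""; Exit 1; }"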
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\WaaSMedicSvc.dll" with additional permissions 
:: Soft delete of "%SYSTEMROOT%\System32\WaaSMedicSvc.dll": the file is renamed to "NAME.OLD", not removed.
:: - `$revert` is not assigned anywhere in this command, so the branch that appends ".OLD" is the one that runs.
:: - The inline C# `Privileges` class enables SeRestorePrivilege and SeTakeOwnershipPrivilege on the
::   current process token; both return values go to Out-Null, so a failed enable is not reported here.
:: - Ownership is set to the Administrators group (S-1-5-32-544) with a FullControl allow rule, and the ACL
::   saved in `$originalAcl` is re-applied after the move. If that restore fails only a warning is written,
::   and the renamed file keeps the Administrators owner and FullControl entry.
:: - `exit 0` in the "not found" branch ends the PowerShell process inside the loop, before the summary
::   and the RemovePrivilege calls.
:: NOTE(review): this renames a System32 binary; keep a record of it so the change can be reverted and
:: so file-integrity or EDR alerts on the rename can be attributed to this script.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\WaaSMedicSvc.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Check and terminate the running process "WaaSMedicAgent.exe"
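:: Terminate WaaSMedicAgent.exe if it is currently running.
:: The presence check and the kill are separate steps so that a failed taskkill is reported as a
:: failure instead of falling through to the "not running" message.
tasklist /fi "ImageName eq WaaSMedicAgent.exe" /fo csv 2>NUL | find /i "WaaSMedicAgent.exe">NUL
if errorlevel 1 (
    echo Skipping, WaaSMedicAgent.exe is not running.
) else (
    echo WaaSMedicAgent.exe is running and will be killed.
    taskkill /f /im WaaSMedicAgent.exe || echo Failed to terminate WaaSMedicAgent.exe.
)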
:: Configure termination of "WaaSMedicAgent.exe" immediately upon its startup
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WaaSMedicAgent.exe!Debugger"
:: Writes the IFEO "Debugger" value for WaaSMedicAgent.exe as REG_SZ, pointing to taskkill.exe in System32.
:: cmd expands the SYSTEMROOT variable before PowerShell runs, so the stored data is an absolute path.
:: With a Debugger value set, Windows starts the named debugger in place of the image, so the agent
:: itself is not started; taskkill.exe receives the original command line as its arguments.
:: `$registryPath` is assigned but not used; the key path is repeated literally in the `reg add` call.
:: NOTE(review): IFEO Debugger changes are commonly monitored (MITRE ATT^&CK T1546.012), so expect this
:: write to raise an alert on managed hosts; removing the Debugger value undoes it.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WaaSMedicAgent.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WaaSMedicAgent.exe' /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Add a rule to prevent the executable "WaaSMedicAgent.exe" from running via File Explorer
:: Adds "WaaSMedicAgent.exe" as the next free numbered string value under the HKCU DisallowRun key.
:: - Exits 0 without changes when an existing value under the key already equals the file name.
:: - Only value names made of digits count as occupied rule indexes; the first unused index from 1 is taken.
:: - The entry is written to HKCU, i.e. the hive of the account this elevated script runs as.
:: NOTE(review): the rule stores a bare file name and applies to launches via File Explorer, so it does
:: not cover other ways the binary can be started; treat it as a convenience block, not a control.
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='WaaSMedicAgent.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
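:: Sets the HKCU Explorer policy value "DisallowRun" to DWORD 1 so that the DisallowRun list is enforced.
:: - Creates the value when it is missing or empty, leaves it alone when it is already 1, and
::   overwrites any other value with 1.
:: - The "unexpected value" message uses a double-quoted string so that the current value is
::   interpolated; in a single-quoted string the variable name was printed literally.
:: - The value is written to HKCU, i.e. the hive of the account this elevated script runs as.
:: NOTE(review): if elevation used a different administrator account, that is not the interactive
:: user's hive; confirm which account the policy is meant to apply to.
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output "^""Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^""."^""; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"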
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\WaaSMedicAgent.exe" with additional permissions 
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: Soft delete of "%SYSTEMROOT%\System32\WaaSMedicAgent.exe": the file is renamed to "NAME.OLD", not removed.
:: - Version gate: the command exits 0 before touching anything when the OS version (major.minor.build)
::   is greater than 10.0.19045, the build mapped to 'Windows10-MostRecent' in the switch.
:: - `$revert` is not assigned anywhere in this command, so the branch that appends ".OLD" is the one that runs.
:: - The inline C# `Privileges` class enables SeRestorePrivilege and SeTakeOwnershipPrivilege on the
::   current process token; both return values go to Out-Null, so a failed enable is not reported here.
:: - Ownership is set to the Administrators group (S-1-5-32-544) with a FullControl allow rule, and the ACL
::   saved in `$originalAcl` is re-applied after the move. If that restore fails only a warning is written,
::   and the renamed file keeps the Administrators owner and FullControl entry.
:: - `exit 0` in the "not found" branch ends the PowerShell process inside the loop, before the summary
::   and the RemovePrivilege calls.
:: NOTE(review): this renames a System32 executable; keep a record of it so the change can be reverted
:: and so file-integrity or EDR alerts on the rename can be attributed to this script.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\WaaSMedicAgent.exe"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal 
const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object 
System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant 
rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\WaaSMedicCapsule.dll" with additional permissions 
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: Soft delete of "%SYSTEMROOT%\System32\WaaSMedicCapsule.dll": the file is renamed to "NAME.OLD", not removed.
:: - Version gate: the command exits 0 before touching anything when the OS version (major.minor.build)
::   is greater than 10.0.19045, the build mapped to 'Windows10-MostRecent' in the switch.
:: - `$revert` is not assigned anywhere in this command, so the branch that appends ".OLD" is the one that runs.
:: - SeRestorePrivilege and SeTakeOwnershipPrivilege are enabled on the current process token through the
::   inline C# `Privileges` class; both return values go to Out-Null, so a failed enable is not reported.
:: - Ownership is set to the Administrators group (S-1-5-32-544) with a FullControl allow rule, and the ACL
::   saved in `$originalAcl` is re-applied after the move. If that restore fails only a warning is written,
::   and the renamed file keeps the Administrators owner and FullControl entry.
:: - `exit 0` in the "not found" branch ends the PowerShell process inside the loop, before the summary
::   and the RemovePrivilege calls.
:: NOTE(review): this renames a System32 binary; keep a record of it so the change can be reverted and
:: so file-integrity or EDR alerts on the rename can be attributed to this script.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\WaaSMedicCapsule.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal 
const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object 
System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant 
rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\WaaSMedicPS.dll" with additional permissions 
:: Soft delete of "%SYSTEMROOT%\System32\WaaSMedicPS.dll": the file is renamed to "NAME.OLD", not removed.
:: - Unlike the WaaSMedicAgent.exe and WaaSMedicCapsule.dll commands, this one has no OS version gate.
:: - `$revert` is not assigned anywhere in this command, so the branch that appends ".OLD" is the one that runs.
:: - SeRestorePrivilege and SeTakeOwnershipPrivilege are enabled on the current process token through the
::   inline C# `Privileges` class; both return values go to Out-Null, so a failed enable is not reported.
:: - Ownership is set to the Administrators group (S-1-5-32-544) with a FullControl allow rule, and the ACL
::   saved in `$originalAcl` is re-applied after the move. If that restore fails only a warning is written,
::   and the renamed file keeps the Administrators owner and FullControl entry.
:: - `exit 0` in the "not found" branch ends the PowerShell process inside the loop, before the summary
::   and the RemovePrivilege calls.
:: NOTE(review): this renames a System32 binary; keep a record of it so the change can be reverted and
:: so file-integrity or EDR alerts on the rename can be attributed to this script.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\WaaSMedicPS.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, 
IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = 
$foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction 
Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\WaaSAssessment.dll" with additional permissions 
:: Review notes for the command below. NOTE(review): the -Command string opens on the first line and closes on
:: the last; the breaks in between look like paste wrapping, and cmd.exe presumably needs the command on one line.
:: - Resolves the pattern with Get-Item and renames every matching file to "NAME.OLD" with Move-Item -Force.
::   $revert is never assigned in this command, so the restore branch (strip ".OLD") is not taken.
:: - Add-Type compiles a C# helper that enables SeRestorePrivilege and SeTakeOwnershipPrivilege on the process token.
::   NOTE(review): the helper overwrites the results of OpenProcessToken and LookupPrivilegeValue, never closes the
::   token handle, and the callers pipe the result to Out-Null, so a privilege that was not enabled goes unnoticed.
:: - Each file gets BUILTIN\Administrators (S-1-5-32-544) as owner plus a FullControl allow rule; the ACL saved in
::   $originalAcl is written back after the rename (or onto the original path if the rename fails).
:: - NOTE(review): "exit 0" in the file-not-found branch ends the whole PowerShell process, so later matches, the
::   summary and the RemovePrivilege calls are skipped; "continue" looks like what was intended.
:: - Operational caveat: WaaSAssessment.dll is presumably part of Windows Update servicing (TODO confirm). Verify
::   that updates still install after the rename and keep the ".OLD" file so the change can be rolled back.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\WaaSAssessment.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, 
IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; 
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject 
$originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete (rename to "*.OLD") files matching pattern: "%SYSTEMROOT%\System32\Windows.Internal.WaaSMedicDocked.dll" after taking ownership and granting Administrators full control
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Review notes for the command below. NOTE(review): the -Command string opens on the first line and closes on
:: the last; the breaks in between look like paste wrapping, and cmd.exe presumably needs the command on one line.
:: - Version gate: exits 0 without changes when the OS version (major.minor.build) is below 10.0.22000.
:: - Resolves the pattern with Get-Item and renames every matching file to "NAME.OLD" with Move-Item -Force.
::   $revert is never assigned in this command, so the restore branch (strip ".OLD") is not taken.
:: - Add-Type compiles a C# helper that enables SeRestorePrivilege and SeTakeOwnershipPrivilege on the process token.
::   NOTE(review): the helper overwrites the results of OpenProcessToken and LookupPrivilegeValue, never closes the
::   token handle, and the callers pipe the result to Out-Null, so a privilege that was not enabled goes unnoticed.
:: - Each file gets BUILTIN\Administrators (S-1-5-32-544) as owner plus a FullControl allow rule; the ACL saved in
::   $originalAcl is written back after the rename (or onto the original path if the rename fails).
:: - NOTE(review): "exit 0" in the file-not-found branch ends the whole PowerShell process, so later matches, the
::   summary and the RemovePrivilege calls are skipped; "continue" looks like what was intended.
:: - Operational caveat: judging by its name this DLL belongs to the Windows Update Medic component (TODO confirm).
::   Verify that updates still install after the rename and keep the ".OLD" file so the change can be rolled back.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\Windows.Internal.WaaSMedicDocked.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        
public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; 
[Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; 
$acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete (rename to "*.OLD") files matching pattern: "%SYSTEMROOT%\UUS\amd64\WaaSMedicSvcImpl.dll" after taking ownership and granting Administrators full control
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Review notes for the command below. NOTE(review): the -Command string opens on the first line and closes on
:: the last; the breaks in between look like paste wrapping, and cmd.exe presumably needs the command on one line.
:: - Version gate: exits 0 without changes when the OS version (major.minor.build) is below 10.0.22000.
:: - Resolves the pattern with Get-Item and renames every matching file to "NAME.OLD" with Move-Item -Force.
::   $revert is never assigned in this command, so the restore branch (strip ".OLD") is not taken.
:: - Add-Type compiles a C# helper that enables SeRestorePrivilege and SeTakeOwnershipPrivilege on the process token.
::   NOTE(review): the helper overwrites the results of OpenProcessToken and LookupPrivilegeValue, never closes the
::   token handle, and the callers pipe the result to Out-Null, so a privilege that was not enabled goes unnoticed.
:: - Each file gets BUILTIN\Administrators (S-1-5-32-544) as owner plus a FullControl allow rule; the ACL saved in
::   $originalAcl is written back after the rename (or onto the original path if the rename fails).
:: - NOTE(review): "exit 0" in the file-not-found branch ends the whole PowerShell process, so later matches, the
::   summary and the RemovePrivilege calls are skipped; "continue" looks like what was intended.
:: - Operational caveat: judging by its name this DLL implements the Windows Update Medic service (TODO confirm).
::   Verify that updates still install after the rename and keep the ".OLD" file so the change can be rolled back.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\UUS\amd64\WaaSMedicSvcImpl.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long 
Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | 
Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership 
(because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete (rename to "*.OLD") files matching pattern: "%SYSTEMROOT%\WaaS\*" (searched recursively) after taking ownership and granting Administrators full control
:: Review notes for the command below. NOTE(review): the -Command string opens on the first line and closes on
:: the last; the breaks in between look like paste wrapping, and cmd.exe presumably needs the command on one line.
:: - Collects paths with Get-ChildItem -Force -Recurse plus Get-Item on the wildcard, de-duplicates them and sorts
::   the longest path first; folders are skipped, every remaining file is renamed to "NAME.OLD" with Move-Item -Force.
::   $revert is never assigned in this command, so the restore branch (strip ".OLD") is not taken.
:: - Add-Type compiles a C# helper that enables SeRestorePrivilege and SeTakeOwnershipPrivilege on the process token.
::   NOTE(review): the helper overwrites the results of OpenProcessToken and LookupPrivilegeValue, never closes the
::   token handle, and the callers pipe the result to Out-Null, so a privilege that was not enabled goes unnoticed.
:: - Each file gets BUILTIN\Administrators (S-1-5-32-544) as owner plus a FullControl allow rule; the ACL saved in
::   $originalAcl is written back after the rename (or onto the original path if the rename fails).
:: - NOTE(review): "exit 0" in the file-not-found branch ends the whole PowerShell process, so later matches, the
::   summary and the RemovePrivilege calls are skipped; with a recursive wildcard that can leave the folder half
::   renamed. "continue" looks like what was intended.
:: - Operational caveat: the wildcard covers every file under the WaaS folder, presumably Windows Update servicing
::   data (TODO confirm). Verify that updates still install afterwards and keep the ".OLD" files for rollback.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\WaaS\*"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n   
         return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs 
requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { 
$newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft-delete the registry key: HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.WaaSMedicDocked.CBSHelper as TrustedInstaller
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject 
Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        
Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.WaaSMedicDocked.CBSHelper'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'      
      $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. 
All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
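:: Soft-delete the registry key: HKLM\Software\Classes\AppID\{2ED83BAA-B2FD-43B1-99BF-E6149C622692} as TrustedInstaller
:: "Soft-delete" here means rename, not removal. Every value under the key and its subkeys gets
:: the suffix .OLD. Each key is then copied to a sibling whose name ends in .OLD (the suffix is
:: repeated while that name is taken), its ACL is copied without the owner section, and the
:: original key is removed. Items that already end in .OLD are skipped.
:: To revert, both the keys and the values inside them have to be renamed back.
:: A failed ACL copy is reported only as a warning, so check afterwards that the .OLD keys
:: carry the permissions you expect.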
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\AppID\{2ED83BAA-B2FD-43B1-99BF-E6149C622692}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
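:: Soft-delete the registry key: HKLM\SOFTWARE\Classes\WOW6432Node\AppID\{2ED83BAA-B2FD-43B1-99BF-E6149C622692} as TrustedInstaller
:: Elevation path: the inner script is written to a file created by New-TemporaryFile and renamed
:: to .ps1. A scheduled task then runs it with powershell.exe -ExecutionPolicy Bypass as the
:: account that SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 translates to.
:: Whatever that file contains when the task starts is executed with those rights, so the temp
:: folder in use must not be writable by accounts or processes you do not trust while this runs.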
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\SOFTWARE\Classes\WOW6432Node\AppID\{2ED83BAA-B2FD-43B1-99BF-E6149C622692}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
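:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{63480537-5d3d-4c42-8ac4-22a2bc016244} as TrustedInstaller
:: The wrapper polls the task while LastTaskResult equals 267009 (presumably the "task is still
:: running" status) and stops waiting after 5 minutes. On timeout it prints "Skipping: Timeout",
:: still reports the unfinished result as a failure, and deletes the task in its finally block.
:: The state of the key tree is then unknown and should be inspected by hand.
:: No errorlevel check follows this command, so a failure shows up only in the printed output.
:: Read the "Total items ... Renamed ... Skipped ... Failed" line instead of assuming success.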
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{63480537-5d3d-4c42-8ac4-22a2bc016244}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
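:: Soft-delete the registry key: HKLM\Software\Classes\Interface\{B4C1D279-966E-44E9-A9C5-CCAF4A77023D} as TrustedInstaller
:: Audit note: this statement registers, runs and deletes a scheduled task with the fixed name
:: "privacy.sexy invoke" and starts powershell.exe with -ExecutionPolicy Bypass.
:: On a monitored host expect this to appear in the Task Scheduler operational log, in the
:: scheduled-task audit events (4698 created, 4699 deleted, when that auditing is enabled) and
:: in PowerShell logging. Record the run in the change log so responders can tell it apart
:: from unauthorised activity.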
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\Interface\{B4C1D279-966E-44E9-A9C5-CCAF4A77023D}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\Interface\{e4dc719b-fe77-414f-9dbe-3e4ffea7a7a5} as TrustedInstaller
:: Mechanism: Invoke-AsTrustedInstaller writes the embedded script ($cmd) to a temporary .ps1 file,
:: registers a scheduled task named "privacy.sexy invoke" and starts it through Schedule.Service RunEx
:: under the account that SID S-1-5-80-956008885-... translates to (the TrustedInstaller service SID).
:: It polls LastTaskResult every 200 ms while the value is 267009 (0x41301, task still running), stops
:: waiting after 5 minutes, deletes the task, prints the captured output and removes both temp files.
:: Payload: Rename-KeyTree renames every value and then every key under $rawPath with a ".OLD" suffix,
:: deepest keys first. A key is renamed by copy, ACL copy (owner section excluded) and removal of the
:: original; a failed ACL copy is only a warning, so the .OLD copy can end up with a different ACL.
:: NOTE(review): the final summary throws only when every item failed; a partial failure still ends with
:: "Successfully processed", so check the Failed count in the output rather than the exit status.
:: NOTE(review): the .ps1 is created in the invoking user's temp directory and executed with TrustedInstaller
:: rights, so its integrity between write and task start depends on that directory's ACL.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\Interface\{e4dc719b-fe77-414f-9dbe-3e4ffea7a7a5}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\TypeLib\{3ff1aab8-f3d8-11d4-825d-00104b3646c0} as TrustedInstaller
:: Soft delete here means rename, not removal: the embedded script appends ".OLD" to each value name and
:: each key name under the TypeLib key below (using KEY.OLD.OLD and so on when KEY.OLD already exists), so
:: undoing it means renaming the keys and their values back.
:: The script runs as TrustedInstaller through a one-shot scheduled task ("privacy.sexy invoke") that is
:: registered, started with RunEx, polled for up to 5 minutes and then deleted; its output is relayed
:: through a temp file that is read back with Get-Content.
:: NOTE(review): task registration and deletion show up in Task Scheduler logging where that is enabled,
:: which is the place to look when auditing what this step did. Both PowerShell layers override the
:: execution policy for their own process only (Unrestricted here, Bypass inside the task).
:: NOTE(review): on timeout the wrapper only warns and then deletes the task; whether the still-running
:: script is stopped by that deletion is not visible here - confirm before relying on it.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\TypeLib\{3ff1aab8-f3d8-11d4-825d-00104b3646c0}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\Wow6432Node\TypeLib\{3ff1aab8-f3d8-11d4-825d-00104b3646c0} as TrustedInstaller
:: Targets the Wow6432Node (32-bit view) copy of TypeLib {3ff1aab8-f3d8-11d4-825d-00104b3646c0}.
:: Flow: $rawPath is turned into a PowerShell registry path by inserting ":" after the hive name
:: (HKLM\... becomes HKLM:\...), then Rename-KeyTree recurses through it, renaming values and keys
:: with ".OLD". If the key is absent the script counts one skip and reports that nothing was changed.
:: The work is done as TrustedInstaller: the script text is saved to a temp .ps1, run by a scheduled task
:: started via RunEx with the TrustedInstaller account name, and the task is removed in a finally block.
:: NOTE(review): Copy-Acl re-applies the source security descriptor without its Owner section, so the
:: renamed key's owner is whatever the copy created it with (presumably the task's identity) - verify
:: this if key ownership matters for your baseline.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\Wow6432Node\TypeLib\{3ff1aab8-f3d8-11d4-825d-00104b3646c0}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing 
key: $Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'       
 try {'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\Microsoft.WaaSMedic as TrustedInstaller
:: The ProgID name suggests this registration belongs to the Windows Update Medic Service (WaaSMedic).
:: NOTE(review): renaming it presumably stops COM activation by that name, which can weaken Windows
:: Update self-repair - weigh that against the privacy goal and confirm that updates still install.
:: What runs: the embedded script renames every value and key under the ProgID key with a ".OLD" suffix
:: (copy, ACL copy without owner, then removal of the original), executed as TrustedInstaller through a
:: temporary scheduled task named "privacy.sexy invoke" that is deleted again afterwards.
:: If removing the original key fails, Rename-KeyWithAcl deletes the .OLD copy again and the item is
:: counted as failed; values already renamed inside that key stay renamed.
:: NOTE(review): the summary throws only when every item failed, so read the Failed count in the output.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\Microsoft.WaaSMedic'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if 
(-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            
Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\Microsoft.WaaSMedic.1 as TrustedInstaller
:: Invoke-AsTrustedInstaller writes the script text to a temporary .ps1 file,
:: registers a scheduled task named "privacy.sexy invoke" and starts it with
:: RunEx under the account that the hard-coded service SID resolves to
:: (S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464,
:: NT SERVICE\TrustedInstaller). Output is captured in a second temporary file
:: and printed; the task and both files are removed in finally blocks.
:: The wait loop polls LastTaskResult while it equals 267009 (0x41301, task
:: still running) and stops waiting after 5 minutes.
:: Soft delete means rename, not removal: each value gets a .OLD suffix,
:: subkeys are processed recursively, then the key is copied to the same path
:: plus .OLD (further .OLD suffixes are appended while that name exists), its
:: ACL is copied without the owner section, and the original key is removed.
:: NOTE(review): a failed ACL copy is only a warning, so the .OLD key can end
:: up with different permissions than the original - check after running.
:: NOTE(review): the task runs the temporary .ps1 with -ExecutionPolicy Bypass
:: at a higher privilege than this script; presumably only the elevated user
:: can write to that temp directory - confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\Microsoft.WaaSMedic.1'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: $Path"^""'+"^""`r`n"^""+'    if 
(-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            
Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{72566e27-1abb-4eb3-b4f0-eb431cb1cb32} as TrustedInstaller
:: The embedded script is written to a temporary .ps1 file and run by a
:: scheduled task named "privacy.sexy invoke", started with RunEx under the
:: account that the hard-coded service SID resolves to
:: (NT SERVICE\TrustedInstaller). The task and both temporary files are
:: removed in finally blocks; the wait loop stops after 5 minutes.
:: The script renames every value of the CLSID key to the same name plus .OLD,
:: recurses into subkeys, then copies the key to a .OLD path, copies its ACL
:: without the owner section, and removes the original key.
:: NOTE(review): a failed ACL copy is only a warning, so the .OLD key can end
:: up with different permissions than the original - check after running.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{72566e27-1abb-4eb3-b4f0-eb431cb1cb32}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft-delete the registry key: HKLM\Software\Classes\CLSID\{9ea82395-e31b-41ca-8df7-ec1cee7194df} as TrustedInstaller
:: The embedded script is written to a temporary .ps1 file and run by a
:: scheduled task named "privacy.sexy invoke", started with RunEx under the
:: account that the hard-coded service SID resolves to
:: (NT SERVICE\TrustedInstaller). The task and both temporary files are
:: removed in finally blocks; the wait loop stops after 5 minutes.
:: The script renames every value of the CLSID key to the same name plus .OLD,
:: recurses into subkeys, then copies the key to a .OLD path, copies its ACL
:: without the owner section, and removes the original key.
:: NOTE(review): if the 5 minute wait times out, LastTaskResult is still
:: 267009, so the timeout warning is followed by a "Failed" error as well.
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = 'function Copy-Acl($Src, $Dst) {'+"^""`r`n"^""+'    $srcKeys = @(Get-ChildItem -LiteralPath $Src -ErrorAction 
SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $srcKeys) {'+"^""`r`n"^""+'        $dstKey = Join-Path $Dst $key.PSChildName'+"^""`r`n"^""+'        Copy-Acl -Src $key.PSPath -Dst $dstKey'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $acl = Get-Acl -Path $Src -ErrorAction Stop'+"^""`r`n"^""+'    $sections = [System.Security.AccessControl.AccessControlSections]::All -band (-bnot [System.Security.AccessControl.AccessControlSections]::Owner)'+"^""`r`n"^""+'    $sddl = $acl.GetSecurityDescriptorSddlForm($sections)'+"^""`r`n"^""+'    $acl.SetSecurityDescriptorSddlForm($sddl, $sections)'+"^""`r`n"^""+'    Set-Acl -Path $Dst -AclObject $acl -ErrorAction Stop'+"^""`r`n"^""+'}'+"^""`r`n"^""+'function Rename-KeyWithAcl($Old, $New) {'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Item -LiteralPath $Old -Destination $New -Recurse -Force -ErrorAction Stop'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        throw "^""Failed to copy: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Copy-Acl -Src $Old -Dst $New'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        Write-Warning "^""Failed to copy ACL: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Remove-Item -LiteralPath $Old -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Remove-Item -LiteralPath $New -Force -Recurse -ErrorAction Stop | Out-Null'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to clean up: $_"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        throw "^""Failed to remove: $_"^""'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$rawPath=''HKLM\Software\Classes\CLSID\{9ea82395-e31b-41ca-8df7-ec1cee7194df}'''+"^""`r`n"^""+'$suffix=''.OLD'''+"^""`r`n"^""+'$global:ok = 0'+"^""`r`n"^""+'$global:skip = 0'+"^""`r`n"^""+'$global:fail = 0'+"^""`r`n"^""+'function Rename-KeyTree($Path) {'+"^""`r`n"^""+'    Write-Host "^""Processing key: 
$Path"^""'+"^""`r`n"^""+'    if (-Not (Test-Path -LiteralPath $Path)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Key does not exist.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'        return'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $values = (Get-Item -LiteralPath $Path -ErrorAction Stop | Select-Object -ExpandProperty Property)'+"^""`r`n"^""+'    foreach ($value in $values) {'+"^""`r`n"^""+'        Write-Host "^""Renaming ''$value''"^""'+"^""`r`n"^""+'        if ($value.EndsWith($suffix)) {'+"^""`r`n"^""+'            Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'            $global:skip++'+"^""`r`n"^""+'            continue'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        $backupName = $value + $suffix'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupName''."^""'+"^""`r`n"^""+'        try {'+"^""`r`n"^""+'            Rename-ItemProperty -LiteralPath $Path -Name $value -NewName $backupName -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename value: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    $subkeys = @(Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue)'+"^""`r`n"^""+'    foreach ($key in $subkeys) {'+"^""`r`n"^""+'        Rename-KeyTree $key.PSPath'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'    Write-Host "^""Renaming key ''$Path''."^""'+"^""`r`n"^""+'    if ($Path.EndsWith($suffix)) {'+"^""`r`n"^""+'        Write-Host ''Skipping: Has suffix.'''+"^""`r`n"^""+'        $global:skip++'+"^""`r`n"^""+'    } else {'+"^""`r`n"^""+'        $backupPath = $Path + $suffix'+"^""`r`n"^""+'        while (Test-Path -LiteralPath $backupPath) {'+"^""`r`n"^""+'            $backupPath += $suffix'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Write-Host "^""Renaming to ''$backupPath''."^""'+"^""`r`n"^""+'        try 
{'+"^""`r`n"^""+'            Rename-KeyWithAcl -Old $Path -New $backupPath -ErrorAction Stop'+"^""`r`n"^""+'            Write-Host ''Successfully renamed.'''+"^""`r`n"^""+'            $global:ok++'+"^""`r`n"^""+'        } catch {'+"^""`r`n"^""+'            Write-Warning "^""Failed to rename: $_"^""'+"^""`r`n"^""+'            $global:fail++'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'}'+"^""`r`n"^""+'Write-Host "^""Soft deleting registry key ''$rawPath'' recursively."^""'+"^""`r`n"^""+'$hive = $rawPath.Split(''\'')[0]'+"^""`r`n"^""+'$path = $hive + '':'' + $rawPath.Substring($hive.Length)'+"^""`r`n"^""+'Rename-KeyTree $path'+"^""`r`n"^""+'$totalItems = $global:ok + $global:skip + $global:fail'+"^""`r`n"^""+'Write-Host "^""Total items: $totalItems, Renamed: $global:ok, Skipped: $global:skip, Failed: $global:fail"^""'+"^""`r`n"^""+'if (($totalItems -eq 0) -or ($totalItems -eq $global:skip)) {'+"^""`r`n"^""+'    Write-Host ''No items were processed. The operation had no effect.'''+"^""`r`n"^""+'} elseif ($global:fail -eq $totalItems) {'+"^""`r`n"^""+'    throw "^""Operation failed. All $global:fail items could not be processed."^""'+"^""`r`n"^""+'} elseif ($global:ok) {'+"^""`r`n"^""+'    Write-Host "^""Successfully processed $global:ok item(s)."^""'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: ----------------------------------------------------------
 
 
:: Disable automatically enabling Windows Update Medic Service
echo --- Disable automatically enabling Windows Update Medic Service
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\upfc.exe" with additional permissions 
:: This operation will not run on Windows versions earlier than Windows10-22H2.
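:: Runs only on build 10.0.19045 or later (the Windows10-22H2 entry of the
:: version table below).
:: Enables SeRestorePrivilege and SeTakeOwnershipPrivilege on this PowerShell
:: process through AdjustTokenPrivileges and turns them off again at the end.
:: For each matching file it saves the original ACL, sets the owner to the
:: Administrators group (S-1-5-32-544) and grants it FullControl, moves the
:: file to the same name plus .OLD, then re-applies the saved ACL to the
:: renamed file (or to the original file if the move fails).
:: A file that disappears between discovery and processing is counted as
:: skipped and the loop continues, so the summary and the privilege cleanup
:: still run.
:: NOTE(review): $revert is never assigned inside this command, so only the
:: rename-to-.OLD path is taken here.
:: NOTE(review): AddPrivilege returns only the AdjustTokenPrivileges result
:: (discarded by Out-Null) and does not check OpenProcessToken or
:: LookupPrivilegeValue; a privilege that was not granted would presumably
:: surface later as a Set-Acl or Move-Item failure.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $pathGlobPattern = "^""%SYSTEMROOT%\System32\upfc.exe"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int 
Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; 
[Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is 
owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"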
:: Check and terminate the running process "upfc.exe"
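:: The exit code of find is tested with an explicit IF instead of a chained
:: success/failure pair, so a failed taskkill is not followed by the
:: "not running" message. taskkill reports its own error if it cannot end
:: the process.
tasklist /fi "ImageName eq upfc.exe" /fo csv 2>NUL | find /i "upfc.exe">NUL
if errorlevel 1 (
    echo Skipping, upfc.exe is not running.
) else (
    echo upfc.exe is running and will be killed.
    taskkill /f /im upfc.exe
)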
:: Configure termination of "upfc.exe" immediately upon its startup
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upfc.exe!Debugger"
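:: With a Debugger value under Image File Execution Options, Windows starts
:: the named program in place of upfc.exe and passes the original command line
:: to it as arguments. taskkill.exe is used as the stand-in here, so upfc.exe
:: itself is not started.
:: %SYSTEMROOT% is expanded by cmd.exe before PowerShell runs, so the stored
:: REG_SZ data is an absolute path.
:: IFEO Debugger values are commonly watched by endpoint monitoring (MITRE
:: technique T1546.012), so expect this change to be flagged; deleting the
:: Debugger value reverts it.
:: The key path is held once in $registryPath and passed to reg.exe from there.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upfc.exe'; $data =  '%SYSTEMROOT%\System32\taskkill.exe'; reg add $registryPath /v 'Debugger' /t 'REG_SZ' /d "^""$data"^"" /f"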
:: Add a rule to prevent the executable "upfc.exe" from running via File Explorer
:: Looks for an existing value equal to upfc.exe under the per-user DisallowRun
:: key and exits early if one exists; otherwise it picks the lowest unused
:: numeric value name, starting at 1, and stores the filename there.
:: The key is under HKCU, so the rule applies to the account this elevated
:: script runs as, not to other users of the machine.
:: NOTE(review): the backtick before -ErrorAction looks like a leftover line
:: continuation from a multi-line original - confirm the one-line form parses
:: as intended.
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='upfc.exe'; try { $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) { $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) { $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: '$executableFilename' is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) { while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) { $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) { New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch { Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
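:: Sets the per-user DisallowRun DWORD under Policies\Explorer to 1 so that the
:: numbered entries in the DisallowRun subkey are enforced. The key is created
:: if missing, and an existing value of 1 is left untouched.
:: The message for an unexpected existing value is a double-quoted string so
:: that the current value is interpolated into the output; in a single-quoted
:: string the variable name and the backticks would be printed literally.
PowerShell -ExecutionPolicy Unrestricted -Command "try { $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) { Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) { New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) { Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output "^""Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^""."^""; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch { Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"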
:: ----------------------------------------------------------
 
 
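:: ----------------------------------------------------------
:: ---------------Disable "RestoreDevice" task---------------
:: ----------------------------------------------------------
echo --- Disable "RestoreDevice" task
:: Disable scheduled task(s): `\Microsoft\Windows\InstallService\RestoreDevice`
:: The task is looked up with Get-ScheduledTask and switched off with Disable-ScheduledTask;
:: it stays registered and can be turned back on with Enable-ScheduledTask.
:: Exit code: 0 when the task is missing or already disabled, 1 only when disabling throws.
:: NOTE(review): nothing in this section reads that exit code, so a failure shows up in the
:: console output only; confirm the resulting State with Get-ScheduledTask afterwards.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\InstallService\'; $taskNamePattern='RestoreDevice'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------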
 
 
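:: ----------------------------------------------------------
:: --------------Disable "ScanForUpdates" task---------------
:: ----------------------------------------------------------
echo --- Disable "ScanForUpdates" task
:: Disable scheduled task(s): `\Microsoft\Windows\InstallService\ScanForUpdates`
:: The task is looked up with Get-ScheduledTask and switched off with Disable-ScheduledTask;
:: it stays registered and can be turned back on with Enable-ScheduledTask.
:: Exit code: 0 when the task is missing or already disabled, 1 only when disabling throws.
:: NOTE(review): judging by its name the task starts update scans; with it disabled those
:: scans presumably need another trigger - confirm how updates are delivered afterwards.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\InstallService\'; $taskNamePattern='ScanForUpdates'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------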
 
 
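:: ----------------------------------------------------------
:: -----------Disable "ScanForUpdatesAsUser" task------------
:: ----------------------------------------------------------
echo --- Disable "ScanForUpdatesAsUser" task
:: Disable scheduled task(s): `\Microsoft\Windows\InstallService\ScanForUpdatesAsUser`
:: The task is looked up with Get-ScheduledTask and switched off with Disable-ScheduledTask;
:: it stays registered and can be turned back on with Enable-ScheduledTask.
:: Exit code: 0 when the task is missing or already disabled, 1 only when disabling throws.
:: NOTE(review): judging by its name the task starts update scans in a user context; with it
:: disabled those scans presumably need another trigger - confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\InstallService\'; $taskNamePattern='ScanForUpdatesAsUser'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------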
 
 
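:: ----------------------------------------------------------
:: ----------------Disable "SmartRetry" task-----------------
:: ----------------------------------------------------------
echo --- Disable "SmartRetry" task
:: Disable scheduled task(s): `\Microsoft\Windows\InstallService\SmartRetry`
:: The task is looked up with Get-ScheduledTask and switched off with Disable-ScheduledTask;
:: it stays registered and can be turned back on with Enable-ScheduledTask.
:: Exit code: 0 when the task is missing or already disabled, 1 only when disabling throws.
:: NOTE(review): nothing in this section reads that exit code, so a failure shows up in the
:: console output only; confirm the resulting State with Get-ScheduledTask afterwards.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\InstallService\'; $taskNamePattern='SmartRetry'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------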
 
 
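:: ----------------------------------------------------------
:: ---------Disable "WakeUpAndContinueUpdates" task----------
:: ----------------------------------------------------------
echo --- Disable "WakeUpAndContinueUpdates" task
:: Disable scheduled task(s): `\Microsoft\Windows\InstallService\WakeUpAndContinueUpdates`
:: The task is looked up with Get-ScheduledTask and switched off with Disable-ScheduledTask;
:: it stays registered and can be turned back on with Enable-ScheduledTask.
:: Exit code: 0 when the task is missing or already disabled, 1 only when disabling throws.
:: NOTE(review): judging by its name the task wakes the device to continue updates; with it
:: disabled pending updates presumably wait for the next manual or scheduled run - confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\InstallService\'; $taskNamePattern='WakeUpAndContinueUpdates'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------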
 
 
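:: ----------------------------------------------------------
:: ----------Disable "WakeUpAndScanForUpdates" task----------
:: ----------------------------------------------------------
echo --- Disable "WakeUpAndScanForUpdates" task
:: Disable scheduled task(s): `\Microsoft\Windows\InstallService\WakeUpAndScanForUpdates`
:: The task is looked up with Get-ScheduledTask and switched off with Disable-ScheduledTask;
:: it stays registered and can be turned back on with Enable-ScheduledTask.
:: Exit code: 0 when the task is missing or already disabled, 1 only when disabling throws.
:: NOTE(review): judging by its name the task wakes the device to scan for updates; with it
:: disabled those scans presumably need another trigger - confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\InstallService\'; $taskNamePattern='WakeUpAndScanForUpdates'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------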
 
 
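:: ----------------------------------------------------------
:: --------------Disable "Scheduled Start" task--------------
:: ----------------------------------------------------------
echo --- Disable "Scheduled Start" task
:: Disable scheduled task(s): `\Microsoft\Windows\WindowsUpdate\Scheduled Start`
:: The task is looked up with Get-ScheduledTask and switched off with Disable-ScheduledTask;
:: it stays registered and can be turned back on with Enable-ScheduledTask.
:: Exit code: 0 when the task is missing or already disabled, 1 only when disabling throws.
:: NOTE(review): judging by its path the task belongs to Windows Update scheduling; with it
:: disabled, scheduled update runs presumably stop, so patching needs another trigger - confirm.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\WindowsUpdate\'; $taskNamePattern='Scheduled Start'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------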
 
 
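:: ----------------------------------------------------------
:: --------------Disable "Report policies" task--------------
:: ----------------------------------------------------------
echo --- Disable "Report policies" task
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Report policies`
:: Before disabling, the command saves the ACL of the task file under System32\Tasks, makes
:: BUILTIN\Administrators (SID S-1-5-32-544) its owner with a FullControl allow rule, and
:: writes the saved ACL back afterwards when that grant succeeded.
:: A failed grant or a failed restore is reported with Write-Warning only; exit code 1 is set
:: solely when Disable-ScheduledTask throws. After a restore warning the task file is
:: presumably left with the Administrators owner and FullControl rule, so check it with Get-Acl.
:: The whole command stays on one physical line: cmd ends a command at the line break.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Report policies'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; $taskFullPath = "^""$($task.TaskPath)$($task.TaskName)"^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $taskFilePath="^""$($env:SYSTEMROOT)\System32\Tasks$($task.TaskPath)$($task.TaskName)"^""; $accessGranted = $false; try { $originalAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl.SetOwner($adminAccount); $taskFileAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $modifiedAcl.SetAccessRule($taskFileAccessRule); Set-Acl -Path $taskFilePath -AclObject $modifiedAcl -ErrorAction Stop; Write-Host "^""Successfully granted permissions for `"^""$taskFullPath`"^"" ."^""; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$taskFullPath`"^"": $($_.Exception.Message)"^""; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; if ($accessGranted) { try { Set-Acl -Path $taskFilePath -AclObject $originalAcl -ErrorAction Stop; Write-Host "^""Successfully restored permissions for `"^""$taskFullPath`"^"" ."^""; } catch { Write-Warning "^""Failed to restore access on `"^""$taskFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------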
 
 
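:: ----------------------------------------------------------
:: ---------Disable "Schedule Maintenance Work" task---------
:: ----------------------------------------------------------
echo --- Disable "Schedule Maintenance Work" task
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work`
:: Before disabling, the command saves the ACL of the task file under System32\Tasks, makes
:: BUILTIN\Administrators (SID S-1-5-32-544) its owner with a FullControl allow rule, and
:: writes the saved ACL back afterwards when that grant succeeded.
:: A failed grant or a failed restore is reported with Write-Warning only; exit code 1 is set
:: solely when Disable-ScheduledTask throws. After a restore warning the task file is
:: presumably left with the Administrators owner and FullControl rule, so check it with Get-Acl.
:: The whole command stays on one physical line: cmd ends a command at the line break.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Schedule Maintenance Work'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; $taskFullPath = "^""$($task.TaskPath)$($task.TaskName)"^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $taskFilePath="^""$($env:SYSTEMROOT)\System32\Tasks$($task.TaskPath)$($task.TaskName)"^""; $accessGranted = $false; try { $originalAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl.SetOwner($adminAccount); $taskFileAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $modifiedAcl.SetAccessRule($taskFileAccessRule); Set-Acl -Path $taskFilePath -AclObject $modifiedAcl -ErrorAction Stop; Write-Host "^""Successfully granted permissions for `"^""$taskFullPath`"^"" ."^""; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$taskFullPath`"^"": $($_.Exception.Message)"^""; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; if ($accessGranted) { try { Set-Acl -Path $taskFilePath -AclObject $originalAcl -ErrorAction Stop; Write-Host "^""Successfully restored permissions for `"^""$taskFullPath`"^"" ."^""; } catch { Write-Warning "^""Failed to restore access on `"^""$taskFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------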
 
 
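:: ----------------------------------------------------------
:: ---------------Disable "Schedule Scan" task---------------
:: ----------------------------------------------------------
echo --- Disable "Schedule Scan" task
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Schedule Scan`
:: Before disabling, the command saves the ACL of the task file under System32\Tasks, makes
:: BUILTIN\Administrators (SID S-1-5-32-544) its owner with a FullControl allow rule, and
:: writes the saved ACL back afterwards when that grant succeeded.
:: A failed grant or a failed restore is reported with Write-Warning only; exit code 1 is set
:: solely when Disable-ScheduledTask throws. After a restore warning the task file is
:: presumably left with the Administrators owner and FullControl rule, so check it with Get-Acl.
:: NOTE(review): judging by its path and name the task schedules update scans; with it
:: disabled, patching presumably needs another trigger - confirm.
:: The whole command stays on one physical line: cmd ends a command at the line break.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Schedule Scan'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; $taskFullPath = "^""$($task.TaskPath)$($task.TaskName)"^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $taskFilePath="^""$($env:SYSTEMROOT)\System32\Tasks$($task.TaskPath)$($task.TaskName)"^""; $accessGranted = $false; try { $originalAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl.SetOwner($adminAccount); $taskFileAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $modifiedAcl.SetAccessRule($taskFileAccessRule); Set-Acl -Path $taskFilePath -AclObject $modifiedAcl -ErrorAction Stop; Write-Host "^""Successfully granted permissions for `"^""$taskFullPath`"^"" ."^""; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$taskFullPath`"^"": $($_.Exception.Message)"^""; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; if ($accessGranted) { try { Set-Acl -Path $taskFilePath -AclObject $originalAcl -ErrorAction Stop; Write-Host "^""Successfully restored permissions for `"^""$taskFullPath`"^"" ."^""; } catch { Write-Warning "^""Failed to restore access on `"^""$taskFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------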
 
 
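:: ----------------------------------------------------------
:: ---------Disable "Schedule Scan Static Task" task---------
:: ----------------------------------------------------------
echo --- Disable "Schedule Scan Static Task" task
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Schedule Scan Static Task`
:: Before disabling, the command saves the ACL of the task file under System32\Tasks, makes
:: BUILTIN\Administrators (SID S-1-5-32-544) its owner with a FullControl allow rule, and
:: writes the saved ACL back afterwards when that grant succeeded.
:: A failed grant or a failed restore is reported with Write-Warning only; exit code 1 is set
:: solely when Disable-ScheduledTask throws. After a restore warning the task file is
:: presumably left with the Administrators owner and FullControl rule, so check it with Get-Acl.
:: The whole command stays on one physical line: cmd ends a command at the line break.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Schedule Scan Static Task'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; $taskFullPath = "^""$($task.TaskPath)$($task.TaskName)"^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $taskFilePath="^""$($env:SYSTEMROOT)\System32\Tasks$($task.TaskPath)$($task.TaskName)"^""; $accessGranted = $false; try { $originalAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl.SetOwner($adminAccount); $taskFileAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $modifiedAcl.SetAccessRule($taskFileAccessRule); Set-Acl -Path $taskFilePath -AclObject $modifiedAcl -ErrorAction Stop; Write-Host "^""Successfully granted permissions for `"^""$taskFullPath`"^"" ."^""; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$taskFullPath`"^"": $($_.Exception.Message)"^""; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; if ($accessGranted) { try { Set-Acl -Path $taskFilePath -AclObject $originalAcl -ErrorAction Stop; Write-Host "^""Successfully restored permissions for `"^""$taskFullPath`"^"" ."^""; } catch { Write-Warning "^""Failed to restore access on `"^""$taskFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------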
 
 
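:: ----------------------------------------------------------
:: -----------Disable "Schedule Wake To Work" task-----------
:: ----------------------------------------------------------
echo --- Disable "Schedule Wake To Work" task
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work`
:: Before disabling, the command saves the ACL of the task file under System32\Tasks, makes
:: BUILTIN\Administrators (SID S-1-5-32-544) its owner with a FullControl allow rule, and
:: writes the saved ACL back afterwards when that grant succeeded.
:: A failed grant or a failed restore is reported with Write-Warning only; exit code 1 is set
:: solely when Disable-ScheduledTask throws. After a restore warning the task file is
:: presumably left with the Administrators owner and FullControl rule, so check it with Get-Acl.
:: The whole command stays on one physical line: cmd ends a command at the line break.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Schedule Wake To Work'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; $taskFullPath = "^""$($task.TaskPath)$($task.TaskName)"^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $taskFilePath="^""$($env:SYSTEMROOT)\System32\Tasks$($task.TaskPath)$($task.TaskName)"^""; $accessGranted = $false; try { $originalAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl.SetOwner($adminAccount); $taskFileAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $modifiedAcl.SetAccessRule($taskFileAccessRule); Set-Acl -Path $taskFilePath -AclObject $modifiedAcl -ErrorAction Stop; Write-Host "^""Successfully granted permissions for `"^""$taskFullPath`"^"" ."^""; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$taskFullPath`"^"": $($_.Exception.Message)"^""; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; if ($accessGranted) { try { Set-Acl -Path $taskFilePath -AclObject $originalAcl -ErrorAction Stop; Write-Host "^""Successfully restored permissions for `"^""$taskFullPath`"^"" ."^""; } catch { Write-Warning "^""Failed to restore access on `"^""$taskFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------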
 
 
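:: ----------------------------------------------------------
:: ---------------Disable "Schedule Work" task---------------
:: ----------------------------------------------------------
echo --- Disable "Schedule Work" task
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Schedule Work`
:: Before disabling, the command saves the ACL of the task file under System32\Tasks, makes
:: BUILTIN\Administrators (SID S-1-5-32-544) its owner with a FullControl allow rule, and
:: writes the saved ACL back afterwards when that grant succeeded.
:: A failed grant or a failed restore is reported with Write-Warning only; exit code 1 is set
:: solely when Disable-ScheduledTask throws. After a restore warning the task file is
:: presumably left with the Administrators owner and FullControl rule, so check it with Get-Acl.
:: The whole command stays on one physical line: cmd ends a command at the line break.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Schedule Work'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; $taskFullPath = "^""$($task.TaskPath)$($task.TaskName)"^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $taskFilePath="^""$($env:SYSTEMROOT)\System32\Tasks$($task.TaskPath)$($task.TaskName)"^""; $accessGranted = $false; try { $originalAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl.SetOwner($adminAccount); $taskFileAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $modifiedAcl.SetAccessRule($taskFileAccessRule); Set-Acl -Path $taskFilePath -AclObject $modifiedAcl -ErrorAction Stop; Write-Host "^""Successfully granted permissions for `"^""$taskFullPath`"^"" ."^""; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$taskFullPath`"^"": $($_.Exception.Message)"^""; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; if ($accessGranted) { try { Set-Acl -Path $taskFilePath -AclObject $originalAcl -ErrorAction Stop; Write-Host "^""Successfully restored permissions for `"^""$taskFullPath`"^"" ."^""; } catch { Write-Warning "^""Failed to restore access on `"^""$taskFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------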
 
 
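:: ----------------------------------------------------------
:: --------------Disable "UpdateModelTask" task--------------
:: ----------------------------------------------------------
echo --- Disable "UpdateModelTask" task
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\UpdateModelTask`
:: Before disabling, the command saves the ACL of the task file under System32\Tasks, makes
:: BUILTIN\Administrators (SID S-1-5-32-544) its owner with a FullControl allow rule, and
:: writes the saved ACL back afterwards when that grant succeeded.
:: A failed grant or a failed restore is reported with Write-Warning only; exit code 1 is set
:: solely when Disable-ScheduledTask throws. After a restore warning the task file is
:: presumably left with the Administrators owner and FullControl rule, so check it with Get-Acl.
:: The whole command stays on one physical line: cmd ends a command at the line break.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='UpdateModelTask'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; $taskFullPath = "^""$($task.TaskPath)$($task.TaskName)"^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $taskFilePath="^""$($env:SYSTEMROOT)\System32\Tasks$($task.TaskPath)$($task.TaskName)"^""; $accessGranted = $false; try { $originalAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl.SetOwner($adminAccount); $taskFileAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $modifiedAcl.SetAccessRule($taskFileAccessRule); Set-Acl -Path $taskFilePath -AclObject $modifiedAcl -ErrorAction Stop; Write-Host "^""Successfully granted permissions for `"^""$taskFullPath`"^"" ."^""; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$taskFullPath`"^"": $($_.Exception.Message)"^""; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; if ($accessGranted) { try { Set-Acl -Path $taskFilePath -AclObject $originalAcl -ErrorAction Stop; Write-Host "^""Successfully restored permissions for `"^""$taskFullPath`"^"" ."^""; } catch { Write-Warning "^""Failed to restore access on `"^""$taskFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------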
 
 
:: ----------------------------------------------------------
8248
:: ---------Disable "Start Oobe Expedite Work" task----------
8249
:: ----------------------------------------------------------
8250
echo --- Disable "Start Oobe Expedite Work" task
8251
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Start Oobe Expedite Work`
:: What the command below does for the task named Start Oobe Expedite Work, in order:
::   1. Looks the task up; exits 0 if it is absent and skips it if it is already disabled.
::   2. Saves the ACL of the task file under $env:SYSTEMROOT\System32\Tasks, then makes the
::      Administrators group (SID S-1-5-32-544) its owner with an Allow FullControl rule.
::      A failure here is only a warning; the disable in step 3 is still attempted.
::   3. Runs Disable-ScheduledTask; only a failure here sets $operationFailed (exit code 1).
::   4. Writes the saved ACL back, but only when step 2 succeeded.
:: NOTE(review): a failed restore in step 4 is reported with Write-Warning only, so the command
:: can still exit 0 while the task file keeps the changed owner and the FullControl rule.
:: After a run that printed "Failed to restore access", inspect the file with Get-Acl.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Start Oobe Expedite Work'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; $taskFullPath = "^""$($task.TaskPath)$($task.TaskName)"^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $taskFilePath="^""$($env:SYSTEMROOT)\System32\Tasks$($task.TaskPath)$($task.TaskName)"^""; $accessGranted = $false; try { $originalAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl.SetOwner($adminAccount); $taskFileAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $modifiedAcl.SetAccessRule($taskFileAccessRule); Set-Acl -Path $taskFilePath -AclObject $modifiedAcl -ErrorAction Stop; Write-Host "^""Successfully granted permissions for `"^""$taskFullPath`"^"" ."^""; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$taskFullPath`"^"": $($_.Exception.Message)"^""; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { 
Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; if ($accessGranted) { try { Set-Acl -Path $taskFilePath -AclObject $originalAcl -ErrorAction Stop; Write-Host "^""Successfully restored permissions for `"^""$taskFullPath`"^"" ."^""; } catch { Write-Warning "^""Failed to restore access on `"^""$taskFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -----Disable "StartOobeAppsScan_LicenseAccepted" task-----
:: ----------------------------------------------------------
echo --- Disable "StartOobeAppsScan_LicenseAccepted" task
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\StartOobeAppsScan_LicenseAccepted`
:: What the command below does for the task named StartOobeAppsScan_LicenseAccepted, in order:
::   1. Looks the task up; exits 0 if it is absent and skips it if it is already disabled.
::   2. Saves the ACL of the task file under $env:SYSTEMROOT\System32\Tasks, then makes the
::      Administrators group (SID S-1-5-32-544) its owner with an Allow FullControl rule.
::      A failure here is only a warning; the disable in step 3 is still attempted.
::   3. Runs Disable-ScheduledTask; only a failure here sets $operationFailed (exit code 1).
::   4. Writes the saved ACL back, but only when step 2 succeeded.
:: NOTE(review): a failed restore in step 4 is reported with Write-Warning only, so the command
:: can still exit 0 while the task file keeps the changed owner and the FullControl rule.
:: After a run that printed "Failed to restore access", inspect the file with Get-Acl.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='StartOobeAppsScan_LicenseAccepted'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; $taskFullPath = "^""$($task.TaskPath)$($task.TaskName)"^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $taskFilePath="^""$($env:SYSTEMROOT)\System32\Tasks$($task.TaskPath)$($task.TaskName)"^""; $accessGranted = $false; try { $originalAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl.SetOwner($adminAccount); $taskFileAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $modifiedAcl.SetAccessRule($taskFileAccessRule); Set-Acl -Path $taskFilePath -AclObject $modifiedAcl -ErrorAction Stop; Write-Host "^""Successfully granted permissions for `"^""$taskFullPath`"^"" ."^""; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$taskFullPath`"^"": $($_.Exception.Message)"^""; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch 
{ Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; if ($accessGranted) { try { Set-Acl -Path $taskFilePath -AclObject $originalAcl -ErrorAction Stop; Write-Host "^""Successfully restored permissions for `"^""$taskFullPath`"^"" ."^""; } catch { Write-Warning "^""Failed to restore access on `"^""$taskFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Disable "StartOobeAppsScan_OobeAppReady" task-------
:: ----------------------------------------------------------
echo --- Disable "StartOobeAppsScan_OobeAppReady" task
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\StartOobeAppsScan_OobeAppReady`
:: What the command below does for the task named StartOobeAppsScan_OobeAppReady, in order:
::   1. Looks the task up; exits 0 if it is absent and skips it if it is already disabled.
::   2. Saves the ACL of the task file under $env:SYSTEMROOT\System32\Tasks, then makes the
::      Administrators group (SID S-1-5-32-544) its owner with an Allow FullControl rule.
::      A failure here is only a warning; the disable in step 3 is still attempted.
::   3. Runs Disable-ScheduledTask; only a failure here sets $operationFailed (exit code 1).
::   4. Writes the saved ACL back, but only when step 2 succeeded.
:: NOTE(review): a failed restore in step 4 is reported with Write-Warning only, so the command
:: can still exit 0 while the task file keeps the changed owner and the FullControl rule.
:: After a run that printed "Failed to restore access", inspect the file with Get-Acl.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='StartOobeAppsScan_OobeAppReady'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; $taskFullPath = "^""$($task.TaskPath)$($task.TaskName)"^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $taskFilePath="^""$($env:SYSTEMROOT)\System32\Tasks$($task.TaskPath)$($task.TaskName)"^""; $accessGranted = $false; try { $originalAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl.SetOwner($adminAccount); $taskFileAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $modifiedAcl.SetAccessRule($taskFileAccessRule); Set-Acl -Path $taskFilePath -AclObject $modifiedAcl -ErrorAction Stop; Write-Host "^""Successfully granted permissions for `"^""$taskFullPath`"^"" ."^""; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$taskFullPath`"^"": $($_.Exception.Message)"^""; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { 
Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; if ($accessGranted) { try { Set-Acl -Path $taskFilePath -AclObject $originalAcl -ErrorAction Stop; Write-Host "^""Successfully restored permissions for `"^""$taskFullPath`"^"" ."^""; } catch { Write-Warning "^""Failed to restore access on `"^""$taskFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------Disable "StartOobeAppsScanAfterUpdate" task--------
:: ----------------------------------------------------------
echo --- Disable "StartOobeAppsScanAfterUpdate" task
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\StartOobeAppsScanAfterUpdate`
:: What the command below does for the task named StartOobeAppsScanAfterUpdate, in order:
::   1. Looks the task up; exits 0 if it is absent and skips it if it is already disabled.
::   2. Saves the ACL of the task file under $env:SYSTEMROOT\System32\Tasks, then makes the
::      Administrators group (SID S-1-5-32-544) its owner with an Allow FullControl rule.
::      A failure here is only a warning; the disable in step 3 is still attempted.
::   3. Runs Disable-ScheduledTask; only a failure here sets $operationFailed (exit code 1).
::   4. Writes the saved ACL back, but only when step 2 succeeded.
:: NOTE(review): a failed restore in step 4 is reported with Write-Warning only, so the command
:: can still exit 0 while the task file keeps the changed owner and the FullControl rule.
:: After a run that printed "Failed to restore access", inspect the file with Get-Acl.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='StartOobeAppsScanAfterUpdate'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; $taskFullPath = "^""$($task.TaskPath)$($task.TaskName)"^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $taskFilePath="^""$($env:SYSTEMROOT)\System32\Tasks$($task.TaskPath)$($task.TaskName)"^""; $accessGranted = $false; try { $originalAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl.SetOwner($adminAccount); $taskFileAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $modifiedAcl.SetAccessRule($taskFileAccessRule); Set-Acl -Path $taskFilePath -AclObject $modifiedAcl -ErrorAction Stop; Write-Host "^""Successfully granted permissions for `"^""$taskFullPath`"^"" ."^""; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$taskFullPath`"^"": $($_.Exception.Message)"^""; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { 
Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; if ($accessGranted) { try { Set-Acl -Path $taskFilePath -AclObject $originalAcl -ErrorAction Stop; Write-Host "^""Successfully restored permissions for `"^""$taskFullPath`"^"" ."^""; } catch { Write-Warning "^""Failed to restore access on `"^""$taskFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ---------------Disable "USO_UxBroker" task----------------
:: ----------------------------------------------------------
echo --- Disable "USO_UxBroker" task
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker`
:: What the command below does for the task named USO_UxBroker, in order:
::   1. Looks the task up; exits 0 if it is absent and skips it if it is already disabled.
::   2. Saves the ACL of the task file under $env:SYSTEMROOT\System32\Tasks, then makes the
::      Administrators group (SID S-1-5-32-544) its owner with an Allow FullControl rule.
::      A failure here is only a warning; the disable in step 3 is still attempted.
::   3. Runs Disable-ScheduledTask; only a failure here sets $operationFailed (exit code 1).
::   4. Writes the saved ACL back, but only when step 2 succeeded.
:: NOTE(review): a failed restore in step 4 is reported with Write-Warning only, so the command
:: can still exit 0 while the task file keeps the changed owner and the FullControl rule.
:: After a run that printed "Failed to restore access", inspect the file with Get-Acl.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='USO_UxBroker'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; $taskFullPath = "^""$($task.TaskPath)$($task.TaskName)"^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $taskFilePath="^""$($env:SYSTEMROOT)\System32\Tasks$($task.TaskPath)$($task.TaskName)"^""; $accessGranted = $false; try { $originalAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl.SetOwner($adminAccount); $taskFileAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $modifiedAcl.SetAccessRule($taskFileAccessRule); Set-Acl -Path $taskFilePath -AclObject $modifiedAcl -ErrorAction Stop; Write-Host "^""Successfully granted permissions for `"^""$taskFullPath`"^"" ."^""; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$taskFullPath`"^"": $($_.Exception.Message)"^""; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error 
"^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; if ($accessGranted) { try { Set-Acl -Path $taskFilePath -AclObject $originalAcl -ErrorAction Stop; Write-Host "^""Successfully restored permissions for `"^""$taskFullPath`"^"" ."^""; } catch { Write-Warning "^""Failed to restore access on `"^""$taskFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -------------Disable "UUS Failover Task" task-------------
:: ----------------------------------------------------------
echo --- Disable "UUS Failover Task" task
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\UUS Failover Task`
:: What the command below does for the task named UUS Failover Task, in order:
::   1. Looks the task up; exits 0 if it is absent and skips it if it is already disabled.
::   2. Saves the ACL of the task file under $env:SYSTEMROOT\System32\Tasks, then makes the
::      Administrators group (SID S-1-5-32-544) its owner with an Allow FullControl rule.
::      A failure here is only a warning; the disable in step 3 is still attempted.
::   3. Runs Disable-ScheduledTask; only a failure here sets $operationFailed (exit code 1).
::   4. Writes the saved ACL back, but only when step 2 succeeded.
:: NOTE(review): a failed restore in step 4 is reported with Write-Warning only, so the command
:: can still exit 0 while the task file keeps the changed owner and the FullControl rule.
:: After a run that printed "Failed to restore access", inspect the file with Get-Acl.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='UUS Failover Task'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; $taskFullPath = "^""$($task.TaskPath)$($task.TaskName)"^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $taskFilePath="^""$($env:SYSTEMROOT)\System32\Tasks$($task.TaskPath)$($task.TaskName)"^""; $accessGranted = $false; try { $originalAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl.SetOwner($adminAccount); $taskFileAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $modifiedAcl.SetAccessRule($taskFileAccessRule); Set-Acl -Path $taskFilePath -AclObject $modifiedAcl -ErrorAction Stop; Write-Host "^""Successfully granted permissions for `"^""$taskFullPath`"^"" ."^""; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$taskFullPath`"^"": $($_.Exception.Message)"^""; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error 
"^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; if ($accessGranted) { try { Set-Acl -Path $taskFilePath -AclObject $originalAcl -ErrorAction Stop; Write-Host "^""Successfully restored permissions for `"^""$taskFullPath`"^"" ."^""; } catch { Write-Warning "^""Failed to restore access on `"^""$taskFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------------Disable "PerformRemediation" task-------------
:: ----------------------------------------------------------
echo --- Disable "PerformRemediation" task
:: Disable scheduled task(s): `\Microsoft\Windows\WaaSMedic\PerformRemediation`
:: What the command below does for the task named PerformRemediation (WaaSMedic path), in order:
::   1. Looks the task up; exits 0 if it is absent and skips it if it is already disabled.
::   2. Saves the ACL of the task file under $env:SYSTEMROOT\System32\Tasks, then makes the
::      Administrators group (SID S-1-5-32-544) its owner with an Allow FullControl rule.
::      A failure here is only a warning; the disable in step 3 is still attempted.
::   3. Runs Disable-ScheduledTask; only a failure here sets $operationFailed (exit code 1).
::   4. Writes the saved ACL back, but only when step 2 succeeded.
:: NOTE(review): a failed restore in step 4 is reported with Write-Warning only, so the command
:: can still exit 0 while the task file keeps the changed owner and the FullControl rule.
:: After a run that printed "Failed to restore access", inspect the file with Get-Acl.
:: NOTE(review): judging by its name this task repairs Windows Update components; with it
:: disabled a broken update client presumably stays broken. Verify patching still works.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\WaaSMedic\'; $taskNamePattern='PerformRemediation'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; $taskFullPath = "^""$($task.TaskPath)$($task.TaskName)"^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $taskFilePath="^""$($env:SYSTEMROOT)\System32\Tasks$($task.TaskPath)$($task.TaskName)"^""; $accessGranted = $false; try { $originalAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl= Get-Acl -Path $taskFilePath -ErrorAction Stop; $modifiedAcl.SetOwner($adminAccount); $taskFileAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $modifiedAcl.SetAccessRule($taskFileAccessRule); Set-Acl -Path $taskFilePath -AclObject $modifiedAcl -ErrorAction Stop; Write-Host "^""Successfully granted permissions for `"^""$taskFullPath`"^"" ."^""; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$taskFullPath`"^"": $($_.Exception.Message)"^""; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error 
"^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; if ($accessGranted) { try { Set-Acl -Path $taskFilePath -AclObject $originalAcl -ErrorAction Stop; Write-Host "^""Successfully restored permissions for `"^""$taskFullPath`"^"" ."^""; } catch { Write-Warning "^""Failed to restore access on `"^""$taskFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ----------Disable outdated Windows Update tasks-----------
:: ----------------------------------------------------------
echo --- Disable outdated Windows Update tasks
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\AC Power Download`
:: Looks up the task AC Power Download under UpdateOrchestrator, exits 0 when it does not exist,
:: skips it when it is already disabled, and otherwise runs Disable-ScheduledTask. A failed
:: disable is written with Write-Error and makes the command exit with code 1.
:: Unlike the commands that change file ownership first, this variant touches no ACL.
:: The section title calls these tasks outdated, so the "Skipping, no tasks" path is the
:: expected outcome on systems that no longer ship them.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='AC Power Download'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\AC Power Install`
:: Looks up the task AC Power Install under UpdateOrchestrator, exits 0 when it does not exist,
:: skips it when it is already disabled, and otherwise runs Disable-ScheduledTask. A failed
:: disable is written with Write-Error and makes the command exit with code 1.
:: No file ownership or ACL is changed by this variant.
:: NOTE(review): the name suggests an update-install trigger; if the task exists, confirm that
:: security updates are still installed after it is disabled.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='AC Power Install'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Backup Scan`
:: Looks up the task Backup Scan under UpdateOrchestrator, exits 0 when it does not exist,
:: skips it when it is already disabled, and otherwise runs Disable-ScheduledTask. A failed
:: disable is written with Write-Error and makes the command exit with code 1.
:: No file ownership or ACL is changed by this variant.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Backup Scan'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Battery Saver Deferred Install`
:: Looks up the task Battery Saver Deferred Install under UpdateOrchestrator, exits 0 when it
:: does not exist, skips it when it is already disabled, and otherwise runs
:: Disable-ScheduledTask. A failed disable is written with Write-Error and makes the command
:: exit with code 1. No file ownership or ACL is changed by this variant.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Battery Saver Deferred Install'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Driver Install`
:: Looks up the task Driver Install under UpdateOrchestrator, exits 0 when it does not exist,
:: skips it when it is already disabled, and otherwise runs Disable-ScheduledTask. A failed
:: disable is written with Write-Error and makes the command exit with code 1.
:: No file ownership or ACL is changed by this variant.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Driver Install'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Maintenance Install`
:: Looks up the task Maintenance Install under UpdateOrchestrator, exits 0 when it does not
:: exist, skips it when it is already disabled, and otherwise runs Disable-ScheduledTask.
:: A failed disable is written with Write-Error and makes the command exit with code 1.
:: No file ownership or ACL is changed by this variant.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Maintenance Install'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults`
:: Looks up the task MusUx_LogonUpdateResults under UpdateOrchestrator, exits 0 when it does
:: not exist, skips it when it is already disabled, and otherwise runs Disable-ScheduledTask.
:: A failed disable is written with Write-Error and makes the command exit with code 1.
:: No file ownership or ACL is changed by this variant.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='MusUx_LogonUpdateResults'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval`
:: Looks up the task MusUx_UpdateInterval under UpdateOrchestrator, exits 0 when it does not
:: exist, skips it when it is already disabled, and otherwise runs Disable-ScheduledTask.
:: A failed disable is written with Write-Error and makes the command exit with code 1.
:: No file ownership or ACL is changed by this variant.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='MusUx_UpdateInterval'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Policy Install`
:: Looks up the task Policy Install under UpdateOrchestrator, exits 0 when it does not exist,
:: skips it when it is already disabled, and otherwise runs Disable-ScheduledTask. A failed
:: disable is written with Write-Error and makes the command exit with code 1.
:: No file ownership or ACL is changed by this variant.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Policy Install'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Reboot`
:: Looks up the task Reboot under UpdateOrchestrator, exits 0 when it does not exist, skips it
:: when it is already disabled, and otherwise runs Disable-ScheduledTask. A failed disable is
:: written with Write-Error and makes the command exit with code 1.
:: No file ownership or ACL is changed by this variant.
:: NOTE(review): the name suggests the restart that completes an update; if the task exists,
:: installed updates presumably stay pending until the machine is restarted some other way.
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Reboot'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Reboot_AC`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Reboot_AC'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Reboot_Battery'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Refresh Settings`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Refresh Settings'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Resume On Boot`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Resume On Boot'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Schedule Retry Scan`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Schedule Retry Scan'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\StartOobeAppsScan`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='StartOobeAppsScan'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='USO_Broker_Display'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='USO_UxBroker_Display'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='USO_UxBroker_ReadyToReboot'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Universal Orchestrator Start`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Universal Orchestrator Start'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\Universal Orchestrator Idle Start`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='Universal Orchestrator Idle Start'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='UpdateAssistant'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantAllUsersRun`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='UpdateAssistantAllUsersRun'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='UpdateAssistantCalendarRun'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantWakeupRun`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\UpdateOrchestrator\'; $taskNamePattern='UpdateAssistantWakeupRun'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\WindowsUpdate\AUScheduledInstall`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\WindowsUpdate\'; $taskNamePattern='AUScheduledInstall'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\WindowsUpdate\AUSessionConnect`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\WindowsUpdate\'; $taskNamePattern='AUSessionConnect'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\WindowsUpdate\Automatic App Update`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\WindowsUpdate\'; $taskNamePattern='Automatic App Update'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\WindowsUpdate\RUXIM\'; $taskNamePattern='PLUGScheduler'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\WindowsUpdate\'; $taskNamePattern='Scheduled Start With Network'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\WindowsUpdate\sih`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\WindowsUpdate\'; $taskNamePattern='sih'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\WindowsUpdate\sihboot`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\WindowsUpdate\'; $taskNamePattern='sihboot'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: Disable scheduled task(s): `\Microsoft\Windows\WindowsUpdate\sihpostreboot`
:: Exits 0 when the task is not found, already disabled or disabled by this call, and 1 when disabling fails; the batch file does not act on the code.
:: -ErrorAction Ignore on the lookup means any Get-ScheduledTask error is reported as "no tasks found".
PowerShell -ExecutionPolicy Unrestricted -Command "$taskPathPattern='\Microsoft\Windows\WindowsUpdate\'; $taskNamePattern='sihpostreboot'; Write-Output "^""Disabling tasks matching pattern `"^""$taskNamePattern`"^""."^""; $tasks = @(Get-ScheduledTask -TaskPath $taskPathPattern -TaskName $taskNamePattern -ErrorAction Ignore); if (-Not $tasks) { Write-Output "^""Skipping, no tasks matching pattern `"^""$taskNamePattern`"^"" found, no action needed."^""; exit 0; }; $operationFailed = $false; foreach ($task in $tasks) { $taskName = $task.TaskName; if ($task.State -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.StateEnum]::Disabled) { Write-Output "^""Skipping, task `"^""$taskName`"^"" is already disabled, no action needed."^""; continue; }; try { $task | Disable-ScheduledTask -ErrorAction Stop | Out-Null; Write-Output "^""Successfully disabled task `"^""$taskName`"^""."^""; } catch { Write-Error "^""Failed to disable task `"^""$taskName`"^"": $($_.Exception.Message)"^""; $operationFailed = $true; }; }; if ($operationFailed) { Write-Output 'Failed to disable some tasks. Check error messages above.'; exit 1; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Maximize update pause duration--------------
:: ----------------------------------------------------------
:: Console marker for this section; the six values set below all go under HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings.
echo --- Maximize update pause duration
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings!PauseFeatureUpdatesStartTime"
:: Stores the current time as the feature-update pause start (going by the value name). $registryPath is assigned but never read, and the reg add result is not checked.
:: NOTE(review): Get-Date returns local time and the trailing Z in the format string appears to be emitted as a literal, so the value is local time labelled as UTC; confirm whether ToUniversalTime() was intended.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings'; $data = $((Get-Date).ToString('yyyy-MM-ddTHH:mm:ssZ')) <# '(Get-Date).ToString('yyyy-MM-ddTHH:mm:ssZ')' #>; reg add 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings' /v 'PauseFeatureUpdatesStartTime' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings!PauseFeatureUpdatesEndTime"
:: Fixed end time in the year 2963 for the feature-update pause, presumably so the pause never lapses; whether Windows honours a date this far out is not shown here.
:: $registryPath is assigned but never read, and the reg add result is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings'; $data =  '2963-01-17T00:00:00Z'; reg add 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings' /v 'PauseFeatureUpdatesEndTime' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings!PauseQualityUpdatesStartTime"
:: Stores the current time as the quality-update pause start (going by the value name). $registryPath is assigned but never read, and the reg add result is not checked.
:: NOTE(review): Get-Date returns local time and the trailing Z in the format string appears to be emitted as a literal, so the value is local time labelled as UTC; confirm whether ToUniversalTime() was intended.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings'; $data = $((Get-Date).ToString('yyyy-MM-ddTHH:mm:ssZ')) <# '(Get-Date).ToString('yyyy-MM-ddTHH:mm:ssZ')' #>; reg add 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings' /v 'PauseQualityUpdatesStartTime' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings!PauseQualityUpdatesEndTime"
:: Fixed end time in the year 2963 for the quality-update pause. Quality updates are the channel that carries Windows security fixes,
:: so for as long as this value is honoured the machine receives no security patches through Windows Update.
:: To audit a host for this state: reg query "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings'; $data =  '2963-01-17T00:00:00Z'; reg add 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings' /v 'PauseQualityUpdatesEndTime' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings!PauseUpdatesStartTime"
:: Stores the current time in PauseUpdatesStartTime. $registryPath is assigned but never read, and the reg add result is not checked.
:: NOTE(review): Get-Date returns local time and the trailing Z in the format string appears to be emitted as a literal, so the value is local time labelled as UTC; confirm whether ToUniversalTime() was intended.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings'; $data = $((Get-Date).ToString('yyyy-MM-ddTHH:mm:ssZ')) <# '(Get-Date).ToString('yyyy-MM-ddTHH:mm:ssZ')' #>; reg add 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings' /v 'PauseUpdatesStartTime' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings!PauseUpdatesExpiryTime"
:: Fixed expiry in the year 2963 for the overall update pause (going by the value name); the same date is used for the feature and quality end times above.
:: $registryPath is assigned but never read, and the reg add result is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings'; $data =  '2963-01-17T00:00:00Z'; reg add 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings' /v 'PauseUpdatesExpiryTime' /t 'REG_SZ' /d "^""$data"^"" /f"
:: ----------------------------------------------------------
 
 
:: Maximize feature update duration (disables resuming updates from settings)
:: Console marker for this section; the values set below go under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate rather than UX\Settings.
echo --- Maximize feature update duration (disables resuming updates from settings)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!Pause"
8405
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' /v 'Pause' /t 'REG_DWORD' /d "^""$data"^"" /f"
8406
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!PauseFeatureUpdates"
8407
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' /v 'PauseFeatureUpdates' /t 'REG_DWORD' /d "^""$data"^"" /f"
8408
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!PauseFeatureUpdatesStartTime"
8409
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'; $data = $((Get-Date).ToString('yyyy-MM-ddTHH:mm:ssZ')) <# '(Get-Date).ToString('yyyy-MM-ddTHH:mm:ssZ')' #>; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' /v 'PauseFeatureUpdatesStartTime' /t 'REG_SZ' /d "^""$data"^"" /f"
8410
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!PauseFeatureUpdatesPeriodInDays"
8411
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'; $data =  '365'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' /v 'PauseFeatureUpdatesPeriodInDays' /t 'REG_DWORD' /d "^""$data"^"" /f"
8412
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!DeferFeatureUpdates"
8413
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'; $data =  '1'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' /v 'DeferFeatureUpdates' /t 'REG_DWORD' /d "^""$data"^"" /f"
8414
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!DeferFeatureUpdatesPeriodInDays"
8415
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'; $data =  '365'; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' /v 'DeferFeatureUpdatesPeriodInDays' /t 'REG_DWORD' /d "^""$data"^"" /f"
8416
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings!PausedFeatureStatus"
8417
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings' /v 'PausedFeatureStatus' /t 'REG_DWORD' /d "^""$data"^"" /f"
8418
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState!DeferFeatureUpdates"
8419
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState' /v 'DeferFeatureUpdates' /t 'REG_DWORD' /d "^""$data"^"" /f"
8420
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState!FeatureUpdatesPaused"
8421
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState' /v 'FeatureUpdatesPaused' /t 'REG_DWORD' /d "^""$data"^"" /f"
8422
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings!PausedFeatureDate"
8423
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings'; $data = $((Get-Date).ToString('yyyy-MM-ddTHH:mm:ssZ')) <# '(Get-Date).ToString('yyyy-MM-ddTHH:mm:ssZ')' #>; reg add 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings' /v 'PausedFeatureDate' /t 'REG_SZ' /d "^""$data"^"" /f"
8424
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\Pause!value"
8425
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\Pause'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\Pause' /v 'value' /t 'REG_DWORD' /d "^""$data"^"" /f"
8426
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\PauseFeatureUpdates!value"
8427
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\PauseFeatureUpdates'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\PauseFeatureUpdates' /v 'value' /t 'REG_DWORD' /d "^""$data"^"" /f"
8428
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartTime!value"
8429
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartTime'; $data = $((Get-Date).ToString('yyyy-MM-ddTHH:mm:ssZ')) <# '(Get-Date).ToString('yyyy-MM-ddTHH:mm:ssZ')' #>; reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartTime' /v 'value' /t 'REG_SZ' /d "^""$data"^"" /f"
8430
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\DeferFeatureUpdatesPeriodInDays!value"
8431
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\DeferFeatureUpdatesPeriodInDays'; $data =  '365'; reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\DeferFeatureUpdatesPeriodInDays' /v 'value' /t 'REG_DWORD' /d "^""$data"^"" /f"
8432
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\ConfigureDeadlineForFeatureUpdates!value"
8433
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\ConfigureDeadlineForFeatureUpdates'; $data =  '30'; reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\ConfigureDeadlineForFeatureUpdates' /v 'value' /t 'REG_DWORD' /d "^""$data"^"" /f"
8434
:: ----------------------------------------------------------
 
 
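:: Maximize quality update duration (disables resuming updates from settings)
:: Writes the quality-update pause and deferral values to the WindowsUpdate
:: policy key, WindowsUpdate\UpdatePolicy (Settings and PolicyState) and
:: PolicyManager\default\Update. Three of the writes are skipped on builds
:: below 10.0.14393 (Windows10-1607).
:: Security note: quality updates are the channel that delivers Windows
:: security fixes, so while these values are set the machine stays on its
:: current patch level. Record the change; deleting the values written below
:: is the way back to normal patching.
:: Start timestamps use UTC and the invariant culture so that the literal 'Z'
:: suffix is accurate and the output does not depend on the system locale.
:: -NoProfile keeps per-user PowerShell profile scripts out of these elevated calls.
echo --- Maximize quality update duration (disables resuming updates from settings)
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!Pause"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' /v 'Pause' /t 'REG_DWORD' /d '1' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!PauseQualityUpdates"
:: This operation will not run on Windows versions earlier than Windows10-1607.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1607'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' /v 'PauseQualityUpdates' /t 'REG_DWORD' /d '1' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!PauseQualityUpdatesStartTime"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$data = (Get-Date).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ', [System.Globalization.CultureInfo]::InvariantCulture); reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' /v 'PauseQualityUpdatesStartTime' /t 'REG_SZ' /d $data /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!DeferQualityUpdates"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' /v 'DeferQualityUpdates' /t 'REG_DWORD' /d '1' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!DeferQualityUpdatesPeriodInDays"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' /v 'DeferQualityUpdatesPeriodInDays' /t 'REG_DWORD' /d '30' /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings!PausedQualityStatus"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings' /v 'PausedQualityStatus' /t 'REG_DWORD' /d '1' /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings!PausedQualityDate"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$data = (Get-Date).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ', [System.Globalization.CultureInfo]::InvariantCulture); reg add 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings' /v 'PausedQualityDate' /t 'REG_SZ' /d $data /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState!DeferQualityUpdates"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState' /v 'DeferQualityUpdates' /t 'REG_DWORD' /d '1' /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\Pause!value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\Pause' /v 'value' /t 'REG_DWORD' /d '1' /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\PauseQualityUpdates!value"
:: This operation will not run on Windows versions earlier than Windows10-1607.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1607'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\PauseQualityUpdates' /v 'value' /t 'REG_DWORD' /d '1' /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\PauseQualityUpdatesStartTime!value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$data = (Get-Date).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ', [System.Globalization.CultureInfo]::InvariantCulture); reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\PauseQualityUpdatesStartTime' /v 'value' /t 'REG_SZ' /d $data /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\DeferQualityUpdatesPeriodInDays!value"
:: This operation will not run on Windows versions earlier than Windows10-1607.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1607'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\DeferQualityUpdatesPeriodInDays' /v 'value' /t 'REG_DWORD' /d '30' /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\ConfigureDeadlineForQualityUpdates!value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\ConfigureDeadlineForQualityUpdates' /v 'value' /t 'REG_DWORD' /d '30' /f"
:: ----------------------------------------------------------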
 
 
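:: ----------------------------------------------------------
:: ----Maximize update duration on older Windows versions----
:: ----------------------------------------------------------
:: Writes the DeferUpdate/DeferUpgrade values, their period values and
:: PauseDeferrals under the WindowsUpdate policy key, plus RequireDeferUpdate
:: and RequireDeferUpgrade under PolicyManager\default\Update.
:: These commands carry no Windows version check, so they run on every build.
:: -NoProfile keeps per-user PowerShell profile scripts out of these elevated calls.
echo --- Maximize update duration on older Windows versions
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!DeferUpdate"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' /v 'DeferUpdate' /t 'REG_DWORD' /d '1' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!DeferUpgrade"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' /v 'DeferUpgrade' /t 'REG_DWORD' /d '1' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!DeferUpdatePeriod"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' /v 'DeferUpdatePeriod' /t 'REG_DWORD' /d '4' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!DeferUpgradePeriod"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' /v 'DeferUpgradePeriod' /t 'REG_DWORD' /d '8' /f"
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate!PauseDeferrals"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' /v 'PauseDeferrals' /t 'REG_DWORD' /d '1' /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\RequireDeferUpdate!value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\RequireDeferUpdate' /v 'value' /t 'REG_DWORD' /d '1' /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\RequireDeferUpgrade!value"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\RequireDeferUpgrade' /v 'value' /t 'REG_DWORD' /d '1' /f"
:: ----------------------------------------------------------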
 
 
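:: ----------------------------------------------------------
:: -------------------Disable online tips--------------------
:: ----------------------------------------------------------
:: Sets AllowOnlineTips to 0 under the Windows\System policy key.
:: -NoProfile keeps per-user PowerShell profile scripts out of this elevated call.
echo --- Disable online tips
:: Set the registry value: "HKLM\SOFTWARE\Policies\Microsoft\Windows\System!AllowOnlineTips"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows\System' /v 'AllowOnlineTips' /t 'REG_DWORD' /d '0' /f"
:: ----------------------------------------------------------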
 
 
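:: ----------------------------------------------------------
:: -------Disable "Internet File Association" service--------
:: ----------------------------------------------------------
:: Sets NoInternetOpenWith to 1 under the machine-wide Explorer policy key.
:: -NoProfile keeps per-user PowerShell profile scripts out of this elevated call.
echo --- Disable "Internet File Association" service
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' /v 'NoInternetOpenWith' /t 'REG_DWORD' /d '1' /f"
:: ----------------------------------------------------------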
 
 
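:: ----------------------------------------------------------
:: -----------Disable "Order Prints" picture task------------
:: ----------------------------------------------------------
:: Sets NoOnlinePrintsWizard to 1 under the machine-wide Explorer policy key.
:: -NoProfile keeps per-user PowerShell profile scripts out of this elevated call.
echo --- Disable "Order Prints" picture task
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' /v 'NoOnlinePrintsWizard' /t 'REG_DWORD' /d '1' /f"
:: ----------------------------------------------------------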
 
 
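:: ----------------------------------------------------------
:: --Disable "Publish to Web" option for files and folders---
:: ----------------------------------------------------------
:: Sets NoPublishingWizard to 1 under the machine-wide Explorer policy key.
:: -NoProfile keeps per-user PowerShell profile scripts out of this elevated call.
echo --- Disable "Publish to Web" option for files and folders
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' /v 'NoPublishingWizard' /t 'REG_DWORD' /d '1' /f"
:: ----------------------------------------------------------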
 
 
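:: ----------------------------------------------------------
:: -------Disable provider list downloads for wizards--------
:: ----------------------------------------------------------
:: Sets NoWebServices to 1 under the machine-wide Explorer policy key.
:: -NoProfile keeps per-user PowerShell profile scripts out of this elevated call.
echo --- Disable provider list downloads for wizards
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' /v 'NoWebServices' /t 'REG_DWORD' /d '1' /f"
:: ----------------------------------------------------------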
 
 
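:: ----------------------------------------------------------
:: -------Disable history of recently opened documents-------
:: ----------------------------------------------------------
:: Sets NoRecentDocsHistory to 1 under the machine-wide Explorer policy key.
:: -NoProfile keeps per-user PowerShell profile scripts out of this elevated call.
echo --- Disable history of recently opened documents
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecentDocsHistory"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' /v 'NoRecentDocsHistory' /t 'REG_DWORD' /d '1' /f"
:: ----------------------------------------------------------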
 
 
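:: ----------------------------------------------------------
:: -----Clear recently opened document history upon exit-----
:: ----------------------------------------------------------
:: Sets ClearRecentDocsOnExit to 1 under the per-user Explorer policy key.
:: NOTE(review): this is an HKCU write made from an elevated process, so it
:: lands in the hive of the account that elevated; when a different admin
:: account approved the UAC prompt, the signed-in user's hive is not changed.
:: -NoProfile keeps per-user PowerShell profile scripts out of this elevated call.
echo --- Clear recently opened document history upon exit
:: Set the registry value: "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ClearRecentDocsOnExit"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "reg add 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' /v 'ClearRecentDocsOnExit' /t 'REG_DWORD' /d '1' /f"
:: ----------------------------------------------------------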
 
 
:: ----------------------------------------------------------
8556
:: --Remove "Desktop" folder from This PC in File Explorer---
8557
:: ----------------------------------------------------------
8558
echo --- Remove "Desktop" folder from This PC in File Explorer
8559
:: Set the registry value: "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag!ThisPCPolicy"
8560
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag'; $data =  'Hide'; reg add 'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag' /v 'ThisPCPolicy' /t 'REG_SZ' /d "^""$data"^"" /f"
8561
:: Set the registry value: "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag!ThisPCPolicy"
8562
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag'; $data =  'Hide'; reg add 'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag' /v 'ThisPCPolicy' /t 'REG_SZ' /d "^""$data"^"" /f"
8563
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons!{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
8564
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons'; $data =  '1'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons' /v '{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}' /t 'REG_DWORD' /d "^""$data"^"" /f"
8565
:: Suggest restarting explorer.exe for changes to take effect
8566
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
8567
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}" 
8568
:: This operation will not run on Windows versions later than Windows10-MostRecent.
8569
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
8570
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}" 
8571
:: This operation will not run on Windows versions later than Windows10-MostRecent.
8572
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
8573
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}!HiddenByDefault"
8574
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
8575
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}' /v 'HiddenByDefault' /t 'REG_DWORD' /d "^""$data"^"" /f"
8576
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}!HideIfEnabled"
8577
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
8578
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}'; $data =  '0x22ab9b9'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}' /v 'HideIfEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
8579
:: Suggest restarting explorer.exe for changes to take effect
8580
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -Remove "Documents" folder from This PC in File Explorer--
:: ----------------------------------------------------------
:: Progress banner for the console. The commands in this section only write registry
:: values and delete Explorer NameSpace keys; no file or folder is touched, so the
:: section changes what This PC lists, not who can read the Documents folder.
echo --- Remove "Documents" folder from This PC in File Explorer
:: Set the registry value: "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\PropertyBag!ThisPCPolicy"
:: reg add /f sets REG_SZ ThisPCPolicy to "Hide", overwriting any existing value
:: without a prompt; the old value is not saved. $registryPath is assigned but never
:: read (the path is repeated literally) and the reg add exit code is not checked.
:: NOTE(review): -NoProfile is not passed, so this elevated PowerShell process also
:: loads any profile scripts, and -ExecutionPolicy Unrestricted lets them run unless
:: Group Policy enforces a stricter policy. Adding -NoProfile would avoid that.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\PropertyBag'; $data =  'Hide'; reg add 'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\PropertyBag' /v 'ThisPCPolicy' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\PropertyBag!ThisPCPolicy"
:: Writes ThisPCPolicy = "Hide" (REG_SZ, reg add /f) under the Wow6432Node path,
:: the registry view that 32-bit processes see on 64-bit Windows.
:: $registryPath is unused and the reg add exit code is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\PropertyBag'; $data =  'Hide'; reg add 'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\PropertyBag' /v 'ThisPCPolicy' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons!{f42ee2d3-909f-4907-8871-4c22fc0bf756}"
:: reg add /f sets REG_DWORD {f42ee2d3-909f-4907-8871-4c22fc0bf756} to 1 under the
:: per-user HideMyComputerIcons key. The reg add exit code is not checked.
:: NOTE(review): the script runs elevated (see the admin check at the top of the
:: file). If elevation used another account's credentials, HKCU is that account's
:: hive and the signed-in user's setting stays unchanged - confirm on machines
:: where the user is not an administrator.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons'; $data =  '1'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons' /v '{f42ee2d3-909f-4907-8871-4c22fc0bf756}' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
:: Prints guidance only; this line does not restart explorer.exe. $warn is set to
:: $false, so the Write-Warning branch is not taken and the text follows a blue
:: "Note: " prefix. The taskkill command named in the message force-terminates the
:: shell, which closes open Explorer windows; the message also offers a reboot.
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}" 
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: Gate: 'Windows10-MostRecent' resolves to build 10.0.19045; a higher running
:: major.minor.build prints "Skipping" and exits 0.
:: Otherwise the key path is rewritten to provider form (HKLM:\...) and, when
:: Test-Path finds the key, Remove-Item -Force deletes it. Nothing is exported
:: first, so undoing the change means recreating the key. A failed delete is only
:: reported through Write-Error; the batch file does not test the result.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}" 
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: NOTE(review): byte-identical to the previous removal command in this file (same
:: key, same gate). After a successful first delete this one prints "Skipping, no
:: action needed". If a different key or registry view was meant, check the
:: generator input.
:: Gate: skipped above build 10.0.19045; otherwise deletes the key when it exists.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}!HiddenByDefault"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Gate: 'Windows11-FirstRelease' resolves to build 10.0.22000; a lower running
:: major.minor.build prints "Skipping" and exits 0 before anything is written.
:: Otherwise reg add /f sets REG_DWORD HiddenByDefault to 1 on the NameSpace key
:: (reg add creates the key when it is missing). Its exit code is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}' /v 'HiddenByDefault' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}!HideIfEnabled"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Gate: minimum build 10.0.22000 ('Windows11-FirstRelease'); lower versions print
:: "Skipping" and exit 0. Otherwise reg add /f sets REG_DWORD HideIfEnabled.
:: NOTE(review): the meaning of the data 0x22ab9b9 is not explained on this line or
:: in the comments around it - confirm against the generator before relying on it.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}'; $data =  '0x22ab9b9'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}' /v 'HideIfEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
:: Prints guidance only; this line does not restart explorer.exe. $warn is set to
:: $false, so the Write-Warning branch is not taken and the text follows a blue
:: "Note: " prefix. The taskkill command named in the message force-terminates the
:: shell, which closes open Explorer windows; the message also offers a reboot.
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}" 
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: Gate: 'Windows10-MostRecent' resolves to build 10.0.19045; a higher running
:: major.minor.build prints "Skipping" and exits 0.
:: Otherwise the key path is rewritten to provider form (HKLM:\...) and, when
:: Test-Path finds the key, Remove-Item -Force deletes it. Nothing is exported
:: first, so undoing the change means recreating the key. A failed delete is only
:: reported through Write-Error; the batch file does not test the result.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}" 
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: NOTE(review): byte-identical to the previous removal command in this file (same
:: key, same gate). After a successful first delete this one prints "Skipping, no
:: action needed". If a different key or registry view was meant, check the
:: generator input.
:: Gate: skipped above build 10.0.19045; otherwise deletes the key when it exists.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}!HiddenByDefault"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Gate: 'Windows11-FirstRelease' resolves to build 10.0.22000; a lower running
:: major.minor.build prints "Skipping" and exits 0 before anything is written.
:: Otherwise reg add /f sets REG_DWORD HiddenByDefault to 1 on the NameSpace key
:: (reg add creates the key when it is missing). Its exit code is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}' /v 'HiddenByDefault' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}!HideIfEnabled"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Gate: minimum build 10.0.22000 ('Windows11-FirstRelease'); lower versions print
:: "Skipping" and exit 0. Otherwise reg add /f sets REG_DWORD HideIfEnabled.
:: NOTE(review): the meaning of the data 0x22ab9b9 is not explained on this line or
:: in the comments around it - confirm against the generator before relying on it.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}'; $data =  '0x22ab9b9'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}' /v 'HideIfEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
:: Prints guidance only; this line does not restart explorer.exe. $warn is set to
:: $false, so the Write-Warning branch is not taken and the text follows a blue
:: "Note: " prefix. The taskkill command named in the message force-terminates the
:: shell, which closes open Explorer windows; the message also offers a reboot.
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: -Remove "Downloads" folder from This PC in File Explorer--
:: ----------------------------------------------------------
:: Progress banner for the console. The commands in this section only write registry
:: values and delete Explorer NameSpace keys; no file or folder is touched, so the
:: section changes what This PC lists, not who can read the Downloads folder.
echo --- Remove "Downloads" folder from This PC in File Explorer
:: Set the registry value: "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\PropertyBag!ThisPCPolicy"
:: reg add /f sets REG_SZ ThisPCPolicy to "Hide", overwriting any existing value
:: without a prompt; the old value is not saved. $registryPath is assigned but never
:: read (the path is repeated literally) and the reg add exit code is not checked.
:: NOTE(review): -NoProfile is not passed, so this elevated PowerShell process also
:: loads any profile scripts, and -ExecutionPolicy Unrestricted lets them run unless
:: Group Policy enforces a stricter policy. Adding -NoProfile would avoid that.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\PropertyBag'; $data =  'Hide'; reg add 'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\PropertyBag' /v 'ThisPCPolicy' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\PropertyBag!ThisPCPolicy"
:: Writes ThisPCPolicy = "Hide" (REG_SZ, reg add /f) under the Wow6432Node path,
:: the registry view that 32-bit processes see on 64-bit Windows.
:: $registryPath is unused and the reg add exit code is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\PropertyBag'; $data =  'Hide'; reg add 'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\PropertyBag' /v 'ThisPCPolicy' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons!{7d83ee9b-2244-4e70-b1f5-5393042af1e4}"
:: reg add /f sets REG_DWORD {7d83ee9b-2244-4e70-b1f5-5393042af1e4} to 1 under the
:: per-user HideMyComputerIcons key. The reg add exit code is not checked.
:: NOTE(review): the script runs elevated (see the admin check at the top of the
:: file). If elevation used another account's credentials, HKCU is that account's
:: hive and the signed-in user's setting stays unchanged - confirm on machines
:: where the user is not an administrator.
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons'; $data =  '1'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons' /v '{7d83ee9b-2244-4e70-b1f5-5393042af1e4}' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
:: Prints guidance only; this line does not restart explorer.exe. $warn is set to
:: $false, so the Write-Warning branch is not taken and the text follows a blue
:: "Note: " prefix. The taskkill command named in the message force-terminates the
:: shell, which closes open Explorer windows; the message also offers a reboot.
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}" 
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: Gate: 'Windows10-MostRecent' resolves to build 10.0.19045; a higher running
:: major.minor.build prints "Skipping" and exits 0.
:: Otherwise the key path is rewritten to provider form (HKLM:\...) and, when
:: Test-Path finds the key, Remove-Item -Force deletes it. Nothing is exported
:: first, so undoing the change means recreating the key. A failed delete is only
:: reported through Write-Error; the batch file does not test the result.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}" 
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: NOTE(review): byte-identical to the previous removal command in this file (same
:: key, same gate). After a successful first delete this one prints "Skipping, no
:: action needed". If a different key or registry view was meant, check the
:: generator input.
:: Gate: skipped above build 10.0.19045; otherwise deletes the key when it exists.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}!HiddenByDefault"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Gate: 'Windows11-FirstRelease' resolves to build 10.0.22000; a lower running
:: major.minor.build prints "Skipping" and exits 0 before anything is written.
:: Otherwise reg add /f sets REG_DWORD HiddenByDefault to 1 on the NameSpace key
:: (reg add creates the key when it is missing). Its exit code is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}' /v 'HiddenByDefault' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}!HideIfEnabled"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Gate: minimum build 10.0.22000 ('Windows11-FirstRelease'); lower versions print
:: "Skipping" and exit 0. Otherwise reg add /f sets REG_DWORD HideIfEnabled.
:: NOTE(review): the meaning of the data 0x22ab9b9 is not explained on this line or
:: in the comments around it - confirm against the generator before relying on it.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}'; $data =  '0x22ab9b9'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}' /v 'HideIfEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
:: Prints guidance only; this line does not restart explorer.exe. $warn is set to
:: $false, so the Write-Warning branch is not taken and the text follows a blue
:: "Note: " prefix. The taskkill command named in the message force-terminates the
:: shell, which closes open Explorer windows; the message also offers a reboot.
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}" 
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: Gate: 'Windows10-MostRecent' resolves to build 10.0.19045; a higher running
:: major.minor.build prints "Skipping" and exits 0.
:: Otherwise the key path is rewritten to provider form (HKLM:\...) and, when
:: Test-Path finds the key, Remove-Item -Force deletes it. Nothing is exported
:: first, so undoing the change means recreating the key. A failed delete is only
:: reported through Write-Error; the batch file does not test the result.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}" 
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: NOTE(review): byte-identical to the previous removal command in this file (same
:: key, same gate). After a successful first delete this one prints "Skipping, no
:: action needed". If a different key or registry view was meant, check the
:: generator input.
:: Gate: skipped above build 10.0.19045; otherwise deletes the key when it exists.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}!HiddenByDefault"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Gate: 'Windows11-FirstRelease' resolves to build 10.0.22000; a lower running
:: major.minor.build prints "Skipping" and exits 0 before anything is written.
:: Otherwise reg add /f sets REG_DWORD HiddenByDefault to 1 on the NameSpace key
:: (reg add creates the key when it is missing). Its exit code is not checked.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}' /v 'HiddenByDefault' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}!HideIfEnabled"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
:: Gate: minimum build 10.0.22000 ('Windows11-FirstRelease'); lower versions print
:: "Skipping" and exit 0. Otherwise reg add /f sets REG_DWORD HideIfEnabled.
:: NOTE(review): the meaning of the data 0x22ab9b9 is not explained on this line or
:: in the comments around it - confirm against the generator before relying on it.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}'; $data =  '0x22ab9b9'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}' /v 'HideIfEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
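:: ----------------------------------------------------------
:: ---Remove "Videos" folder from This PC in File Explorer---
:: ----------------------------------------------------------
:: What this section does, as written:
::   1. Sets ThisPCPolicy=Hide on the FolderDescriptions entry {35286a68-3c57-41a1-bbb1-0eae73d76c95}
::      (native and Wow6432Node paths) and flags the same GUID under HKCU HideMyComputerIcons.
::   2. For the MyComputer\NameSpace entries {f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a} and
::      {A0953C92-50DC-43bf-BE83-3742FED03C9C}: deletes the key when the OS build is at or below
::      10.0.19045, or keeps the key and writes HiddenByDefault / HideIfEnabled when the OS build
::      is at or above 10.0.22000.
:: Every PowerShell call passes -NoProfile: the script runs elevated, and without it
:: -ExecutionPolicy Unrestricted would let PowerShell profile scripts load into the elevated session.
echo --- Remove "Videos"folder from This PC in File Explorer
:: Set the registry value: "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\PropertyBag!ThisPCPolicy"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\PropertyBag'; $data =  'Hide'; reg add 'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\PropertyBag' /v 'ThisPCPolicy' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\PropertyBag!ThisPCPolicy"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\PropertyBag'; $data =  'Hide'; reg add 'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\PropertyBag' /v 'ThisPCPolicy' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons!{35286a68-3c57-41a1-bbb1-0eae73d76c95}"
:: NOTE(review): HKCU is the hive of the account the elevated process runs as; if elevation used
:: different credentials, this value does not land in the interactive user's hive.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons'; $data =  '1'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons' /v '{35286a68-3c57-41a1-bbb1-0eae73d76c95}' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}"
:: This operation will not run on Windows versions later than Windows10-MostRecent.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}"
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: NOTE(review): this command targets exactly the same key as the previous one, so it can only
:: report that the key does not exist. The ThisPCPolicy value above is written under both the
:: native and the Wow6432Node path; if this second removal was meant for a Wow6432Node key,
:: it does not do that as written. Confirm against the generator.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}!HiddenByDefault"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}' /v 'HiddenByDefault' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}!HideIfEnabled"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}'; $data =  '0x22ab9b9'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}' /v 'HideIfEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}"
:: This operation will not run on Windows versions later than Windows10-MostRecent.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}"
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: NOTE(review): identical to the previous command (same key path); confirm whether a different
:: key was intended here.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}!HiddenByDefault"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}' /v 'HiddenByDefault' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}!HideIfEnabled"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}'; $data =  '0x22ab9b9'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}' /v 'HideIfEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------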
 
 
:: ----------------------------------------------------------
8714
:: ---Remove "Music" folder from This PC in File Explorer----
8715
:: ----------------------------------------------------------
8716
echo --- Remove "Music" folder from This PC in File Explorer
8717
:: Set the registry value: "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{a0c69a99-21c8-4671-8703-7934162fcf1d}\PropertyBag!ThisPCPolicy"
8718
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{a0c69a99-21c8-4671-8703-7934162fcf1d}\PropertyBag'; $data =  'Hide'; reg add 'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{a0c69a99-21c8-4671-8703-7934162fcf1d}\PropertyBag' /v 'ThisPCPolicy' /t 'REG_SZ' /d "^""$data"^"" /f"
8719
:: Set the registry value: "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{a0c69a99-21c8-4671-8703-7934162fcf1d}\PropertyBag!ThisPCPolicy"
8720
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{a0c69a99-21c8-4671-8703-7934162fcf1d}\PropertyBag'; $data =  'Hide'; reg add 'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{a0c69a99-21c8-4671-8703-7934162fcf1d}\PropertyBag' /v 'ThisPCPolicy' /t 'REG_SZ' /d "^""$data"^"" /f"
8721
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons!{a0c69a99-21c8-4671-8703-7934162fcf1d}"
8722
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons'; $data =  '1'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons' /v '{a0c69a99-21c8-4671-8703-7934162fcf1d}' /t 'REG_DWORD' /d "^""$data"^"" /f"
8723
:: Suggest restarting explorer.exe for changes to take effect
8724
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
8725
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}" 
8726
:: This operation will not run on Windows versions later than Windows10-MostRecent.
8727
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
8728
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}" 
8729
:: This operation will not run on Windows versions later than Windows10-MostRecent.
8730
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
8731
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}!HiddenByDefault"
8732
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
8733
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}' /v 'HiddenByDefault' /t 'REG_DWORD' /d "^""$data"^"" /f"
8734
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}!HideIfEnabled"
8735
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
8736
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}'; $data =  '0x22ab9b9'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}' /v 'HideIfEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
8737
:: Suggest restarting explorer.exe for changes to take effect
8738
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
8739
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}" 
8740
:: This operation will not run on Windows versions later than Windows10-MostRecent.
8741
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
8742
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}" 
8743
:: This operation will not run on Windows versions later than Windows10-MostRecent.
8744
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
8745
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}!HiddenByDefault"
8746
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
8747
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}' /v 'HiddenByDefault' /t 'REG_DWORD' /d "^""$data"^"" /f"
8748
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}!HideIfEnabled"
8749
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
8750
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}'; $data =  '0x22ab9b9'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}' /v 'HideIfEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------
 
 
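:: ----------------------------------------------------------
:: --Remove "Pictures" folder from This PC in File Explorer--
:: ----------------------------------------------------------
:: What this section does:
::   1. Sets ThisPCPolicy=Hide under FolderDescriptions in both the native and
::      the Wow6432Node registry view.
::   2. Sets a per-user HideMyComputerIcons value.
::   3. For two MyComputer\NameSpace GUIDs: deletes the key on builds up to
::      10.0.19045, or sets HiddenByDefault / HideIfEnabled on builds from
::      10.0.22000.
:: Version gates compare Major.Minor.Build of [Environment]::OSVersion.Version
:: with a fixed table and exit 0 with a "Skipping" message when out of range.
:: The HKLM writes are machine-wide and rely on the elevation obtained at the
:: top of the script. The HKCU write lands in the hive of whichever account the
:: elevated process runs as; if elevation used a different administrator
:: account, that is not the signed-in user's hive.
:: Nothing is backed up before a key is deleted. Run `reg export` on the
:: NameSpace keys first if the change may need to be undone.
:: -NoProfile stops each elevated PowerShell from loading profile scripts, so
:: only the inline command runs. -ExecutionPolicy applies to that process only.
echo --- Remove "Pictures" folder from This PC in File Explorer
:: Set the registry value: "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0ddd015d-b06c-45d5-8c4c-f59713854639}\PropertyBag!ThisPCPolicy"
:: `reg add ... /f` overwrites an existing value without prompting.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0ddd015d-b06c-45d5-8c4c-f59713854639}\PropertyBag'; $data =  'Hide'; reg add 'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0ddd015d-b06c-45d5-8c4c-f59713854639}\PropertyBag' /v 'ThisPCPolicy' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0ddd015d-b06c-45d5-8c4c-f59713854639}\PropertyBag!ThisPCPolicy"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0ddd015d-b06c-45d5-8c4c-f59713854639}\PropertyBag'; $data =  'Hide'; reg add 'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0ddd015d-b06c-45d5-8c4c-f59713854639}\PropertyBag' /v 'ThisPCPolicy' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons!{0ddd015d-b06c-45d5-8c4c-f59713854639}"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons'; $data =  '1'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons' /v '{0ddd015d-b06c-45d5-8c4c-f59713854639}' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
:: ($warn is fixed to $false, so the message is printed as a note, not a warning.)
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}"
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: The "HKLM\..." path is rewritten to the "HKLM:\..." provider form before use.
:: Remove-Item is called without -Recurse.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}"
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: NOTE(review): same key and command as the operation directly above, so after
:: a successful delete this one only reports that the key does not exist. If a
:: second registry location was intended, confirm against the generator.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}!HiddenByDefault"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}' /v 'HiddenByDefault' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}!HideIfEnabled"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}'; $data =  '0x22ab9b9'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}' /v 'HideIfEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}"
:: This operation will not run on Windows versions later than Windows10-MostRecent.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}"
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: NOTE(review): same key and command as the operation directly above; see the
:: note on the earlier repeated removal in this section.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}!HiddenByDefault"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}' /v 'HiddenByDefault' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}!HideIfEnabled"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}'; $data =  '0x22ab9b9'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}' /v 'HideIfEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------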
 
 
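:: Remove outdated "3D Objects" folder from This PC in File Explorer
:: What this section does:
::   1. Sets ThisPCPolicy=Hide under FolderDescriptions in both the native and
::      the Wow6432Node registry view.
::   2. Sets a per-user HideMyComputerIcons value.
::   3. For one MyComputer\NameSpace GUID: deletes the key on builds up to
::      10.0.19045, or sets HiddenByDefault / HideIfEnabled on builds from
::      10.0.22000.
:: The HKLM writes are machine-wide and rely on the elevation obtained at the
:: top of the script. The HKCU write lands in the hive of whichever account the
:: elevated process runs as, which may not be the signed-in user.
:: Nothing is backed up before the key is deleted. Run `reg export` on it first
:: if the change may need to be undone.
:: -NoProfile stops each elevated PowerShell from loading profile scripts, so
:: only the inline command runs. -ExecutionPolicy applies to that process only.
echo --- Remove outdated "3D Objects" folder from This PC in File Explorer
:: Set the registry value: "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag!ThisPCPolicy"
:: `reg add ... /f` overwrites an existing value without prompting.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag'; $data =  'Hide'; reg add 'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag' /v 'ThisPCPolicy' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag!ThisPCPolicy"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag'; $data =  'Hide'; reg add 'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\PropertyBag' /v 'ThisPCPolicy' /t 'REG_SZ' /d "^""$data"^"" /f"
:: Set the registry value: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons!{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons'; $data =  '1'; reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons' /v '{31C0DD25-9439-4F12-BF41-7FF4EDA38722}' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
:: ($warn is fixed to $false, so the message is printed as a note, not a warning.)
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}"
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: The version gate compares Major.Minor.Build with a fixed table and exits 0
:: with a "Skipping" message when out of range. Remove-Item is called without
:: -Recurse.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}"
:: This operation will not run on Windows versions later than Windows10-MostRecent.
:: NOTE(review): same key and command as the operation directly above, so after
:: a successful delete this one only reports that the key does not exist. If a
:: second registry location was intended, confirm against the generator.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}!HiddenByDefault"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}'; $data =  '1'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}' /v 'HiddenByDefault' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}!HideIfEnabled"
:: This operation will not run on Windows versions earlier than Windows11-FirstRelease.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-FirstRelease'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $registryPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}'; $data =  '0x22ab9b9'; reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}' /v 'HideIfEnabled' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting explorer.exe for changes to take effect
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$message = 'This script will not take effect until you restart explorer.exe. You can restart explorer.exe by restarting your computer or by running following on command prompt: `taskkill /f /im explorer.exe & start explorer`.'; $warn =  $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------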
 
 
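:: ----------------------------------------------------------
:: ----------Remove Edge through official installer----------
:: ----------------------------------------------------------
:: Three steps, each in its own elevated PowerShell process:
::   1. Set AllowUninstall=1 under HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdateDev.
::   2. Create a text placeholder at the legacy SystemApps MicrosoftEdge.exe path
::      if no file is there yet.
::   3. Run every Edge setup.exe found under the Program Files roots with the
::      uninstall switches.
:: NOTE(review): steps 1 and 2 are presumably preconditions the installer checks
:: before it agrees to uninstall; confirm against the generator's documentation.
:: Step 2 leaves a non-executable text file named MicrosoftEdge.exe in a system
:: directory, which file-integrity or EDR tooling may report.
:: -NoProfile stops each elevated PowerShell from loading profile scripts, so
:: only the inline command runs. -ExecutionPolicy applies to that process only.
echo --- Remove Edge through official installer
:: Set the registry value: "HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdateDev!AllowUninstall"
:: `reg add ... /f` overwrites an existing value without prompting.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdateDev'; $data =  '1'; reg add 'HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdateDev' /v 'AllowUninstall' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Create a placeholder file at "%SYSTEMROOT%\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe".
:: Exits 0 without writing when the file already exists, so an existing binary
:: is never overwritten. Exits 1 when the directory or file cannot be created.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$filePath = '%SYSTEMROOT%\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe'; $expandedFilePath = [System.Environment]::ExpandEnvironmentVariables($filePath); $placeholderText = 'privacy.sexy placeholder'; Write-Output "^""Creating placeholder file at `"^""$expandedFilePath`"^""."^""; $parentDirectory = [System.IO.Path]::GetDirectoryName($expandedFilePath); if (Test-Path $expandedFilePath -PathType Leaf) { Write-Host "^""Skipping file creation as `"^""$expandedFilePath`"^"" already exists."^""; Exit 0; }; if (Test-Path $parentDirectory -PathType Container) { Write-Host "^""Skipping parent directory creation as `"^""$parentDirectory`"^"" already exists."^""; } else { try { New-Item -ItemType Directory -Path "^""$parentDirectory"^"" -Force -ErrorAction Stop | Out-Null; Write-Output "^""Successfully created directory for placeholder file at `"^""$parentDirectory`"^""."^""; }  catch { Write-Error "^""Failed to create directory for placeholder at `"^""$parentDirectory`"^"": $_"^""; Exit 1; }; }; try { New-Item -ItemType File -Path $expandedFilePath -Value "^""$placeholderText"^"" -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully created a placeholder file at `"^""$expandedFilePath`"^""."^""; } catch { Write-Error "^""Failed to create placeholder file at `"^""$expandedFilePath`"^"": $_"^""; Exit 1; }"
:: Uninstall running the official uninstaller
:: The wildcard after $env:ProgramFiles matches every directory whose path
:: starts with that value. Each setup.exe found is started elevated with
:: --uninstall --system-level --verbose-logging --force-uninstall and waited on.
:: Exit codes 0 and 19 are both reported as success; the meaning of 19 is not
:: stated here, so confirm it against the installer's documentation.
:: A failed uninstall is only reported with Write-Error; the script continues.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$installers = (Get-ChildItem "^""$($env:ProgramFiles)*\Microsoft\Edge\Application\*\Installer\setup.exe"^""); if (!$installers) { Write-Host 'Installer not found. Microsoft Edge may already be uninstalled.'; } else { foreach ($installer in $installers) { $uninstallerPath = $installer.FullName; if (-Not (Test-Path "^""$uninstallerPath"^"")) { Write-Host "^""Installer not found at `"^""$uninstallerPath`"^"". Microsoft Edge may already be uninstalled."^""; continue; }; $installerArguments = @("^""--uninstall"^"", "^""--system-level"^"", "^""--verbose-logging"^"", "^""--force-uninstall"^""); Write-Output "^""Uninstalling through uninstaller: $uninstallerPath"^""; $process = Start-Process -FilePath "^""$uninstallerPath"^"" -ArgumentList $installerArguments -Wait -PassThru; if ($process.ExitCode -eq 0 -or $process.ExitCode -eq 19) { Write-Host "^""Successfully uninstalled Edge."^""; } else { Write-Error "^""Failed to uninstall, uninstaller failed with exit code $($process.ExitCode)."^""; }; }; }"
:: ----------------------------------------------------------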
 
 
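:: ----------------------------------------------------------
:: ------------------Remove Edge shortcuts-------------------
:: ----------------------------------------------------------
:: Deletes the listed "Microsoft Edge.lnk" files if they exist. The Revert field
:: of each entry is not read by this command.
:: $env:AppData and $env:UserProfile resolve to the account the elevated process
:: runs as; if elevation used a different administrator account, the signed-in
:: user's own shortcuts are not touched.
:: Paths are passed with -LiteralPath so they are never treated as wildcard
:: patterns, and a failure now reports the underlying exception message.
:: -NoProfile stops the elevated PowerShell from loading profile scripts, so
:: only the inline command runs. -ExecutionPolicy applies to that process only.
echo --- Remove Edge shortcuts
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$shortcuts = @(; @{ Revert = $True;  Path = "^""$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk"^""; }; @{ Revert = $True;  Path = "^""$env:AppData\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk"^""; }; @{ Revert = $True;  Path = "^""$env:AppData\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk"^""; }; @{ Revert = $True;  Path = "^""$env:Public\Desktop\Microsoft Edge.lnk"^""; }; @{ Revert = $True;  Path = "^""$env:SystemRoot\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk"^""; }; @{ Revert = $False; Path = "^""$env:UserProfile\Desktop\Microsoft Edge.lnk"^""; }; ); foreach ($shortcut in $shortcuts) { if (-Not (Test-Path -LiteralPath $shortcut.Path)) { Write-Host "^""Skipping, shortcut does not exist: `"^""$($shortcut.Path)`"^""."^""; continue; }; try { Remove-Item -LiteralPath $shortcut.Path -Force -ErrorAction Stop; Write-Output "^""Successfully removed shortcut: `"^""$($shortcut.Path)`"^""."^""; } catch { Write-Error "^""Encountered an issue while attempting to remove shortcut at: `"^""$($shortcut.Path)`"^"": $($_.Exception.Message)"^""; }; }"
:: ----------------------------------------------------------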
 
 
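:: ----------------------------------------------------------
:: ---------------------Remove Xbox App----------------------
:: ----------------------------------------------------------
:: Removes the 'Microsoft.GamingApp' Store package and then creates a
:: "Deprovisioned" marker key for it under HKLM.
:: Get-AppxPackage is called without -AllUsers, so only the package registered
:: for the account running this elevated process is removed; other users'
:: installs are left in place.
:: -NoProfile stops each elevated PowerShell from loading profile scripts, so
:: only the inline command runs. -ExecutionPolicy applies to that process only.
echo --- Remove Xbox App
:: Uninstall 'Microsoft.GamingApp' Store app
:: Nothing is passed down the pipeline, and nothing is removed, when the package
:: is not installed.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.GamingApp' | Remove-AppxPackage"
:: Mark 'Microsoft.GamingApp' as deprovisioned to block reinstall during Windows updates.
:: Create "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.GamingApp_8wekyb3d8bbwe" registry key
:: The "HKLM\..." path is rewritten to the "HKLM:\..." provider form. The key is
:: left untouched when it already exists; -LiteralPath keeps the existence check
:: from treating the path as a wildcard pattern.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.GamingApp_8wekyb3d8bbwe'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; if (Test-Path -LiteralPath $registryPath) { Write-Host "^""Skipping, no action needed, registry path `"^""$registryPath`"^"" already exists."^""; exit 0; }; try { New-Item -Path $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully created the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to create the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------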
 
 
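:: ----------------------------------------------------------
:: ---------------------Remove Game Bar----------------------
:: ----------------------------------------------------------
echo --- Remove Game Bar
:: Two packages are handled below: 'Microsoft.XboxGamingOverlay' and 'Microsoft.XboxGameOverlay'.
:: Review note: Get-AppxPackage is called without -AllUsers, so each package is removed only for
:: the account this elevated script runs as; other user profiles keep their copy.
:: Review note: -ExecutionPolicy on the command line applies to that PowerShell process only.
:: Each registry command turns the key string into its HKLM:\ provider path, exits 0 if the key
:: already exists, and otherwise creates an empty, machine-wide key (no values are written).
:: Uninstall 'Microsoft.XboxGamingOverlay' Store app
PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.XboxGamingOverlay' | Remove-AppxPackage"
:: Mark 'Microsoft.XboxGamingOverlay' as deprovisioned to block reinstall during Windows updates.
:: Create "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe" registry key
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; if (Test-Path $registryPath) { Write-Host "^""Skipping, no action needed, registry path `"^""$registryPath`"^"" already exists."^""; exit 0; }; try { New-Item -Path $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully created the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to create the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: Uninstall 'Microsoft.XboxGameOverlay' Store app
PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.XboxGameOverlay' | Remove-AppxPackage"
:: Mark 'Microsoft.XboxGameOverlay' as deprovisioned to block reinstall during Windows updates.
:: Create "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxGameOverlay_8wekyb3d8bbwe" registry key
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxGameOverlay_8wekyb3d8bbwe'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; if (Test-Path $registryPath) { Write-Host "^""Skipping, no action needed, registry path `"^""$registryPath`"^"" already exists."^""; exit 0; }; try { New-Item -Path $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully created the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to create the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------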
 
 
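:: ----------------------------------------------------------
:: ----------Remove outdated Xbox Console Companion----------
:: ----------------------------------------------------------
echo --- Remove outdated Xbox Console Companion
:: Uninstall 'Microsoft.XboxApp' Store app
:: Review note: Get-AppxPackage is called without -AllUsers, so the package is removed only for
:: the account this elevated script runs as; other user profiles keep their copy.
:: Review note: -ExecutionPolicy on the command line applies to that PowerShell process only.
PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.XboxApp' | Remove-AppxPackage"
:: Mark 'Microsoft.XboxApp' as deprovisioned to block reinstall during Windows updates.
:: Create "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxApp_8wekyb3d8bbwe" registry key
:: The command turns the key string into its HKLM:\ provider path, exits 0 if the key already
:: exists, and otherwise creates an empty, machine-wide key (no values are written).
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxApp_8wekyb3d8bbwe'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; if (Test-Path $registryPath) { Write-Host "^""Skipping, no action needed, registry path `"^""$registryPath`"^"" already exists."^""; exit 0; }; try { New-Item -Path $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully created the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to create the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------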
 
 
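:: ----------------------------------------------------------
:: -----------Remove Xbox Live in-game experience------------
:: ----------------------------------------------------------
echo --- Remove Xbox Live in-game experience
:: Uninstall 'Microsoft.Xbox.TCUI' Store app
:: Review note: Get-AppxPackage is called without -AllUsers, so the package is removed only for
:: the account this elevated script runs as; other user profiles keep their copy.
:: Review note: -ExecutionPolicy on the command line applies to that PowerShell process only.
PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.Xbox.TCUI' | Remove-AppxPackage"
:: Mark 'Microsoft.Xbox.TCUI' as deprovisioned to block reinstall during Windows updates.
:: Create "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Xbox.TCUI_8wekyb3d8bbwe" registry key
:: The command turns the key string into its HKLM:\ provider path, exits 0 if the key already
:: exists, and otherwise creates an empty, machine-wide key (no values are written).
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Xbox.TCUI_8wekyb3d8bbwe'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; if (Test-Path $registryPath) { Write-Host "^""Skipping, no action needed, registry path `"^""$registryPath`"^"" already exists."^""; exit 0; }; try { New-Item -Path $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully created the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to create the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------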
 
 
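:: ----------------------------------------------------------
:: ------------Remove Xbox Speech To Text Overlay------------
:: ----------------------------------------------------------
echo --- Remove Xbox Speech To Text Overlay
:: Uninstall 'Microsoft.XboxSpeechToTextOverlay' Store app
:: Review note: Get-AppxPackage is called without -AllUsers, so the package is removed only for
:: the account this elevated script runs as; other user profiles keep their copy.
:: Review note: -ExecutionPolicy on the command line applies to that PowerShell process only.
PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.XboxSpeechToTextOverlay' | Remove-AppxPackage"
:: Mark 'Microsoft.XboxSpeechToTextOverlay' as deprovisioned to block reinstall during Windows updates.
:: Create "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe" registry key
:: The command turns the key string into its HKLM:\ provider path, exits 0 if the key already
:: exists, and otherwise creates an empty, machine-wide key (no values are written).
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; if (Test-Path $registryPath) { Write-Host "^""Skipping, no action needed, registry path `"^""$registryPath`"^"" already exists."^""; exit 0; }; try { New-Item -Path $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully created the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to create the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------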
 
 
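:: ----------------------------------------------------------
:: ---------------Disable Xbox Live Game Save----------------
:: ----------------------------------------------------------
echo --- Disable Xbox Live Game Save
:: Disable service(s): `XblGameSave`
:: Steps inside the command: exit 0 if the service does not exist; stop it if it is running
:: (a failed stop only prints a warning); exit 0 if the start type is already Disabled, with
:: WMI queried when the StartType property is empty; then set the startup type to Disabled.
:: Review note: the previous startup type is not recorded anywhere, so note it beforehand if a
:: rollback may be needed.
:: Review note: -ExecutionPolicy on the command line applies to that PowerShell process only.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'XblGameSave'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------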
 
 
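:: ----------------------------------------------------------
:: -----------Disable Xbox Live Networking Service-----------
:: ----------------------------------------------------------
echo --- Disable Xbox Live Networking Service
:: Disable service(s): `XboxNetApiSvc`
:: Steps inside the command: exit 0 if the service does not exist; stop it if it is running
:: (a failed stop only prints a warning); exit 0 if the start type is already Disabled, with
:: WMI queried when the StartType property is empty; then set the startup type to Disabled.
:: Review note: the previous startup type is not recorded anywhere, so note it beforehand if a
:: rollback may be needed.
:: Review note: -ExecutionPolicy on the command line applies to that PowerShell process only.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'XboxNetApiSvc'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------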
 
 
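:: ----------------------------------------------------------
:: --------------Disable Xbox Live Auth Manager--------------
:: ----------------------------------------------------------
echo --- Disable Xbox Live Auth Manager
:: Disable service(s): `XblAuthManager`
:: Steps inside the command: exit 0 if the service does not exist; stop it if it is running
:: (a failed stop only prints a warning); exit 0 if the start type is already Disabled, with
:: WMI queried when the StartType property is empty; then set the startup type to Disabled.
:: Review note: the previous startup type is not recorded anywhere, so note it beforehand if a
:: rollback may be needed.
:: Review note: -ExecutionPolicy on the command line applies to that PowerShell process only.
PowerShell -ExecutionPolicy Unrestricted -Command "$serviceName = 'XblAuthManager'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: ----------------------------------------------------------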
 
 
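:: ----------------------------------------------------------
:: ---Remove Xbox Identity Provider (breaks Xbox sign-in)----
:: ----------------------------------------------------------
echo --- Remove Xbox Identity Provider (breaks Xbox sign-in)
:: Uninstall 'Microsoft.XboxIdentityProvider' Store app
:: Review note: Get-AppxPackage is called without -AllUsers, so the package is removed only for
:: the account this elevated script runs as; other user profiles keep their copy.
:: Review note: -ExecutionPolicy on the command line applies to that PowerShell process only.
PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.XboxIdentityProvider' | Remove-AppxPackage"
:: Mark 'Microsoft.XboxIdentityProvider' as deprovisioned to block reinstall during Windows updates.
:: Create "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe" registry key
:: The command turns the key string into its HKLM:\ provider path, exits 0 if the key already
:: exists, and otherwise creates an empty, machine-wide key (no values are written).
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; if (Test-Path $registryPath) { Write-Host "^""Skipping, no action needed, registry path `"^""$registryPath`"^"" already exists."^""; exit 0; }; try { New-Item -Path $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully created the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to create the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------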
 
 
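:: Remove "Xbox Game Callable UI" app (breaks Xbox Live games)
echo --- Remove "Xbox Game Callable UI" app (breaks Xbox Live games)
:: Soft delete files matching pattern: "%SYSTEMROOT%\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\*" with additional permissions
:: What the command does: enables SeRestorePrivilege and SeTakeOwnershipPrivilege on its own
:: process token, lists every item under the pattern, and for each file (folders are skipped)
:: saves the current ACL, sets the owner to the built-in Administrators group (S-1-5-32-544),
:: grants that group FullControl, renames the file to NAME.OLD, and then re-applies the saved
:: ACL to the renamed file. Both privileges are switched off again at the end.
:: Review notes:
::  - If re-applying the saved ACL fails, only a warning is printed and the file keeps the
::    Administrators owner and FullControl entry, so check the output for
::    "Failed to restore access" warnings after a run.
::  - The results of AddPrivilege are discarded (piped to Out-Null); a privilege that could not
::    be enabled shows up later as "Failed to grant access" or "Failed to rename" messages.
::  - $revert is never assigned in this command, so the revert branches are not taken here.
::  - Fixed: a file that disappears between listing and processing is now skipped with
::    "continue". The previous "exit 0" at that point ended the whole command, leaving the
::    remaining files unprocessed and the summary unprinted.
::  - The command must stay on ONE physical line for cmd.exe; the paste had it wrapped.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\*"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"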
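:: Soft delete files matching pattern: "%SYSTEMROOT%\$(("Microsoft.XboxGameCallableUI" -Split '\.')[-1])\*" with additional permissions
:: The $(...) subexpression keeps the last dot-separated part of the package name, so the
:: pattern resolves to the XboxGameCallableUI folder directly under the Windows directory.
:: What the command does: enables SeRestorePrivilege and SeTakeOwnershipPrivilege on its own
:: process token, lists every item under the pattern, and for each file (folders are skipped)
:: saves the current ACL, sets the owner to the built-in Administrators group (S-1-5-32-544),
:: grants that group FullControl, renames the file to NAME.OLD, and then re-applies the saved
:: ACL to the renamed file. Both privileges are switched off again at the end.
:: Review notes:
::  - If re-applying the saved ACL fails, only a warning is printed and the file keeps the
::    Administrators owner and FullControl entry, so check the output for
::    "Failed to restore access" warnings after a run.
::  - $revert is never assigned in this command, so the revert branches are not taken here.
::  - Fixed: a file that disappears between listing and processing is now skipped with
::    "continue". The previous "exit 0" at that point ended the whole command, leaving the
::    remaining files unprocessed and the summary unprinted.
::  - The command must stay on ONE physical line for cmd.exe; the paste had it wrapped.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\$(("^""Microsoft.XboxGameCallableUI"^"" -Split '\.')[-1])\*"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"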
:: Soft delete files matching pattern: "%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.XboxGameCallableUI_*_cw5n1h2txyewy\*" with additional permissions 
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.XboxGameCallableUI_*_cw5n1h2txyewy\*"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = 
AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch 
[System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": 
$($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
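:: Enable removal of system app 'Microsoft.XboxGameCallableUI' by marking it as "EndOfLife"
:: Create "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife\$CURRENT_USER_SID\Microsoft.XboxGameCallableUI_cw5n1h2txyewy" registry key
:: $CURRENT_USER_SID is replaced with the SID taken from the token of the account running this process, rather than
:: a name lookup on the USERNAME environment variable, which can be overridden and depends on account-name resolution.
:: NOTE(review): if elevation used a different administrator account, this is that account's SID - confirm that is intended.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife\$CURRENT_USER_SID\Microsoft.XboxGameCallableUI_cw5n1h2txyewy'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; $userSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value; $registryPath = $registryPath.Replace('$CURRENT_USER_SID', $userSid); if (Test-Path -LiteralPath $registryPath) { Write-Host "^""Skipping, no action needed, registry path `"^""$registryPath`"^"" already exists."^""; exit 0; }; try { New-Item -Path $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully created the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to create the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"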
:: Uninstall 'Microsoft.XboxGameCallableUI' Store app
:: Each package returned by Get-AppxPackage is passed to Remove-AppxPackage by its full name.
:: -AllUsers is not used, so only the registration of the account running the script is affected.
PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage -Name 'Microsoft.XboxGameCallableUI' | ForEach-Object { Remove-AppxPackage -Package $_.PackageFullName }"
:: Mark 'Microsoft.XboxGameCallableUI' as deprovisioned to block reinstall during Windows updates.
:: Create "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxGameCallableUI_cw5n1h2txyewy" registry key
:: The key is created only when it does not exist yet; an existing key is left untouched and reported as skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$rawKey = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxGameCallableUI_cw5n1h2txyewy'; $hiveName = $rawKey.Split('\')[0]; $psPath = '{0}:{1}' -f $hiveName, $rawKey.Substring($hiveName.Length); if (-not (Test-Path $psPath)) { try { New-Item -Path $psPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully created the registry key at path `"^""$psPath`"^""."^""; } catch { Write-Error "^""Failed to create the registry key at path `"^""$psPath`"^"": $($_.Exception.Message)"^""; }; } else { Write-Host "^""Skipping, no action needed, registry path `"^""$psPath`"^"" already exists."^""; }"
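:: Remove the registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife\$CURRENT_USER_SID\Microsoft.XboxGameCallableUI_cw5n1h2txyewy" (Revert 'Microsoft.XboxGameCallableUI' to its default, non-removable state.)
:: $CURRENT_USER_SID is replaced with the SID taken from the token of the account running this process, rather than
:: a name lookup on the USERNAME environment variable, which can be overridden and depends on account-name resolution.
:: A key that does not exist is reported as skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$keyPath='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife\$CURRENT_USER_SID\Microsoft.XboxGameCallableUI_cw5n1h2txyewy'; $registryHive = $keyPath.Split('\')[0]; $registryPath = "^""$($registryHive):$($keyPath.Substring($registryHive.Length))"^""; $userSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value; $registryPath = $registryPath.Replace('$CURRENT_USER_SID', $userSid); Write-Host "^""Removing registry key at `"^""$registryPath`"^""."^""; if (-not (Test-Path -LiteralPath $registryPath)) { Write-Host "^""Skipping, no action needed, registry key `"^""$registryPath`"^"" does not exist."^""; exit 0; }; try { Remove-Item -LiteralPath $registryPath -Force -ErrorAction Stop | Out-Null; Write-Host "^""Successfully removed the registry key at path `"^""$registryPath`"^""."^""; } catch { Write-Error "^""Failed to remove the registry key at path `"^""$registryPath`"^"": $($_.Exception.Message)"^""; }"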
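:: Soft delete files matching pattern: "%LOCALAPPDATA%\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\*"
:: "Soft delete" renames each matching file to NAME.OLD; folders are skipped, only the files inside them are renamed.
:: No ownership or ACL changes are made in this variant.
:: A file that disappears between enumeration and processing is skipped with "continue", so the remaining files are
:: still processed. Per-file checks use -LiteralPath so enumerated names containing wildcard characters are not re-globbed.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\*"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path -LiteralPath $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }"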
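:: Soft delete files matching pattern: "%PROGRAMDATA%\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameCallableUI_*_cw5n1h2txyewy\*" with additional permissions
:: "Soft delete" renames each matching file to NAME.OLD; folders are skipped, only the files inside them are renamed.
:: Security-relevant steps: enables SeRestorePrivilege and SeTakeOwnershipPrivilege on this PowerShell process,
:: makes the Administrators group (S-1-5-32-544) owner with FullControl on each file, renames it, then re-applies
:: the ACL captured before the change (to the renamed file, or to the original file if the rename failed).
:: The return values of AddPrivilege are discarded, so a privilege that could not be enabled only surfaces as a
:: later "Failed to grant access" warning.
:: A file that disappears between enumeration and processing is skipped with "continue", so the remaining files are
:: still processed. Per-file cmdlets use -LiteralPath so enumerated names containing wildcard characters are not re-globbed.
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%PROGRAMDATA%\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameCallableUI_*_cw5n1h2txyewy\*"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -LiteralPath $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path -LiteralPath $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; continue; }; $originalAcl = Get-Acl -LiteralPath "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -LiteralPath "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -LiteralPath $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -LiteralPath $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -LiteralPath $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"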
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------Remove Edge application selection associations------
:: ----------------------------------------------------------
echo --- Remove Edge application selection associations
:: Remove file association for "MSEdgeHTM" for .webp
:: Delete the registry value "MSEdgeHTM_.webp" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts"
:: This operation will not run on Windows versions earlier than Windows10-20H2 (build 10.0.19042 in the lookup table below).
:: HKCU here is the hive of the account running this elevated script; a missing key or value is reported as skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$minWindows = 'Windows10-20H2'; $knownBuilds = @{ 'Windows11-FirstRelease' = '10.0.22000'; 'Windows11-22H2' = '10.0.22621'; 'Windows11-21H2' = '10.0.22000'; 'Windows10-22H2' = '10.0.19045'; 'Windows10-21H2' = '10.0.19044'; 'Windows10-20H2' = '10.0.19042'; 'Windows10-1909' = '10.0.18363'; 'Windows10-1607' = '10.0.14393' }; if (-not $knownBuilds.ContainsKey($minWindows)) { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$minWindows'"^""; }; $requiredBuild = [System.Version]::Parse($knownBuilds[$minWindows]); $osVersion = [Environment]::OSVersion.Version; $osBuild = New-Object System.Version($osVersion.Major, $osVersion.Minor, $osVersion.Build); if ($osBuild -lt $requiredBuild) { Write-Output "^""Skipping: Windows ($osBuild) is below minimum $requiredBuild ($minWindows)"^""; Exit 0; }; $regKey = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $regValue = 'MSEdgeHTM_.webp'; $hiveName = $regKey.Split('\')[0]; $psPath = '{0}:{1}' -f $hiveName, $regKey.Substring($hiveName.Length); Write-Host "^""Removing the registry value '$regValue' from '$psPath'."^""; if (-Not (Test-Path -LiteralPath $psPath)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $presentNames = (Get-ItemProperty -LiteralPath $psPath).PSObject.Properties.Name; if ($presentNames -NotContains $regValue) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($regValue -ine '(default)') { Remove-ItemProperty -LiteralPath $psPath -Name $regValue -Force -ErrorAction Stop; } else { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $psPath).OpenSubKey('', $true).DeleteValue(''); }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Remove file association for "MSEdgeHTM" for .xml
:: Delete the registry value "MSEdgeHTM_.xml" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts"
:: This operation will not run on Windows versions earlier than Windows10-1909 (build 10.0.18363 in the lookup table below).
:: HKCU here is the hive of the account running this elevated script; a missing key or value is reported as skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$minWindows = 'Windows10-1909'; $knownBuilds = @{ 'Windows11-FirstRelease' = '10.0.22000'; 'Windows11-22H2' = '10.0.22621'; 'Windows11-21H2' = '10.0.22000'; 'Windows10-22H2' = '10.0.19045'; 'Windows10-21H2' = '10.0.19044'; 'Windows10-20H2' = '10.0.19042'; 'Windows10-1909' = '10.0.18363'; 'Windows10-1607' = '10.0.14393' }; if (-not $knownBuilds.ContainsKey($minWindows)) { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$minWindows'"^""; }; $requiredBuild = [System.Version]::Parse($knownBuilds[$minWindows]); $osVersion = [Environment]::OSVersion.Version; $osBuild = New-Object System.Version($osVersion.Major, $osVersion.Minor, $osVersion.Build); if ($osBuild -lt $requiredBuild) { Write-Output "^""Skipping: Windows ($osBuild) is below minimum $requiredBuild ($minWindows)"^""; Exit 0; }; $regKey = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $regValue = 'MSEdgeHTM_.xml'; $hiveName = $regKey.Split('\')[0]; $psPath = '{0}:{1}' -f $hiveName, $regKey.Substring($hiveName.Length); Write-Host "^""Removing the registry value '$regValue' from '$psPath'."^""; if (-Not (Test-Path -LiteralPath $psPath)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $presentNames = (Get-ItemProperty -LiteralPath $psPath).PSObject.Properties.Name; if ($presentNames -NotContains $regValue) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($regValue -ine '(default)') { Remove-ItemProperty -LiteralPath $psPath -Name $regValue -Force -ErrorAction Stop; } else { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $psPath).OpenSubKey('', $true).DeleteValue(''); }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Remove file association for "MSEdgeHTM" for http
:: Delete the registry value "MSEdgeHTM_http" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts"
:: This operation will not run on Windows versions earlier than Windows10-1909 (build 10.0.18363 in the lookup table below).
:: HKCU here is the hive of the account running this elevated script; a missing key or value is reported as skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$minWindows = 'Windows10-1909'; $knownBuilds = @{ 'Windows11-FirstRelease' = '10.0.22000'; 'Windows11-22H2' = '10.0.22621'; 'Windows11-21H2' = '10.0.22000'; 'Windows10-22H2' = '10.0.19045'; 'Windows10-21H2' = '10.0.19044'; 'Windows10-20H2' = '10.0.19042'; 'Windows10-1909' = '10.0.18363'; 'Windows10-1607' = '10.0.14393' }; if (-not $knownBuilds.ContainsKey($minWindows)) { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$minWindows'"^""; }; $requiredBuild = [System.Version]::Parse($knownBuilds[$minWindows]); $osVersion = [Environment]::OSVersion.Version; $osBuild = New-Object System.Version($osVersion.Major, $osVersion.Minor, $osVersion.Build); if ($osBuild -lt $requiredBuild) { Write-Output "^""Skipping: Windows ($osBuild) is below minimum $requiredBuild ($minWindows)"^""; Exit 0; }; $regKey = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $regValue = 'MSEdgeHTM_http'; $hiveName = $regKey.Split('\')[0]; $psPath = '{0}:{1}' -f $hiveName, $regKey.Substring($hiveName.Length); Write-Host "^""Removing the registry value '$regValue' from '$psPath'."^""; if (-Not (Test-Path -LiteralPath $psPath)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $presentNames = (Get-ItemProperty -LiteralPath $psPath).PSObject.Properties.Name; if ($presentNames -NotContains $regValue) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($regValue -ine '(default)') { Remove-ItemProperty -LiteralPath $psPath -Name $regValue -Force -ErrorAction Stop; } else { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $psPath).OpenSubKey('', $true).DeleteValue(''); }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Remove file association for "MSEdgeHTM" for https
:: Delete the registry value "MSEdgeHTM_https" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts"
:: This operation will not run on Windows versions earlier than Windows10-1909 (build 10.0.18363 in the lookup table below).
:: HKCU here is the hive of the account running this elevated script; a missing key or value is reported as skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$minWindows = 'Windows10-1909'; $knownBuilds = @{ 'Windows11-FirstRelease' = '10.0.22000'; 'Windows11-22H2' = '10.0.22621'; 'Windows11-21H2' = '10.0.22000'; 'Windows10-22H2' = '10.0.19045'; 'Windows10-21H2' = '10.0.19044'; 'Windows10-20H2' = '10.0.19042'; 'Windows10-1909' = '10.0.18363'; 'Windows10-1607' = '10.0.14393' }; if (-not $knownBuilds.ContainsKey($minWindows)) { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$minWindows'"^""; }; $requiredBuild = [System.Version]::Parse($knownBuilds[$minWindows]); $osVersion = [Environment]::OSVersion.Version; $osBuild = New-Object System.Version($osVersion.Major, $osVersion.Minor, $osVersion.Build); if ($osBuild -lt $requiredBuild) { Write-Output "^""Skipping: Windows ($osBuild) is below minimum $requiredBuild ($minWindows)"^""; Exit 0; }; $regKey = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $regValue = 'MSEdgeHTM_https'; $hiveName = $regKey.Split('\')[0]; $psPath = '{0}:{1}' -f $hiveName, $regKey.Substring($hiveName.Length); Write-Host "^""Removing the registry value '$regValue' from '$psPath'."^""; if (-Not (Test-Path -LiteralPath $psPath)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $presentNames = (Get-ItemProperty -LiteralPath $psPath).PSObject.Properties.Name; if ($presentNames -NotContains $regValue) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($regValue -ine '(default)') { Remove-ItemProperty -LiteralPath $psPath -Name $regValue -Force -ErrorAction Stop; } else { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $psPath).OpenSubKey('', $true).DeleteValue(''); }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Remove file association for "MSEdgeHTM" for .htm
:: Delete the registry value "MSEdgeHTM_.htm" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts"
:: This operation will not run on Windows versions earlier than Windows10-1909 (build 10.0.18363 in the lookup table below).
:: HKCU here is the hive of the account running this elevated script; a missing key or value is reported as skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$minWindows = 'Windows10-1909'; $knownBuilds = @{ 'Windows11-FirstRelease' = '10.0.22000'; 'Windows11-22H2' = '10.0.22621'; 'Windows11-21H2' = '10.0.22000'; 'Windows10-22H2' = '10.0.19045'; 'Windows10-21H2' = '10.0.19044'; 'Windows10-20H2' = '10.0.19042'; 'Windows10-1909' = '10.0.18363'; 'Windows10-1607' = '10.0.14393' }; if (-not $knownBuilds.ContainsKey($minWindows)) { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$minWindows'"^""; }; $requiredBuild = [System.Version]::Parse($knownBuilds[$minWindows]); $osVersion = [Environment]::OSVersion.Version; $osBuild = New-Object System.Version($osVersion.Major, $osVersion.Minor, $osVersion.Build); if ($osBuild -lt $requiredBuild) { Write-Output "^""Skipping: Windows ($osBuild) is below minimum $requiredBuild ($minWindows)"^""; Exit 0; }; $regKey = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $regValue = 'MSEdgeHTM_.htm'; $hiveName = $regKey.Split('\')[0]; $psPath = '{0}:{1}' -f $hiveName, $regKey.Substring($hiveName.Length); Write-Host "^""Removing the registry value '$regValue' from '$psPath'."^""; if (-Not (Test-Path -LiteralPath $psPath)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $presentNames = (Get-ItemProperty -LiteralPath $psPath).PSObject.Properties.Name; if ($presentNames -NotContains $regValue) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($regValue -ine '(default)') { Remove-ItemProperty -LiteralPath $psPath -Name $regValue -Force -ErrorAction Stop; } else { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $psPath).OpenSubKey('', $true).DeleteValue(''); }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Remove file association for "MSEdgeHTM" for .html
:: Delete the registry value "MSEdgeHTM_.html" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts"
:: This operation will not run on Windows versions earlier than Windows10-1909 (build 10.0.18363 in the lookup table below).
:: HKCU here is the hive of the account running this elevated script; a missing key or value is reported as skipped.
PowerShell -ExecutionPolicy Unrestricted -Command "$minWindows = 'Windows10-1909'; $knownBuilds = @{ 'Windows11-FirstRelease' = '10.0.22000'; 'Windows11-22H2' = '10.0.22621'; 'Windows11-21H2' = '10.0.22000'; 'Windows10-22H2' = '10.0.19045'; 'Windows10-21H2' = '10.0.19044'; 'Windows10-20H2' = '10.0.19042'; 'Windows10-1909' = '10.0.18363'; 'Windows10-1607' = '10.0.14393' }; if (-not $knownBuilds.ContainsKey($minWindows)) { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$minWindows'"^""; }; $requiredBuild = [System.Version]::Parse($knownBuilds[$minWindows]); $osVersion = [Environment]::OSVersion.Version; $osBuild = New-Object System.Version($osVersion.Major, $osVersion.Minor, $osVersion.Build); if ($osBuild -lt $requiredBuild) { Write-Output "^""Skipping: Windows ($osBuild) is below minimum $requiredBuild ($minWindows)"^""; Exit 0; }; $regKey = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $regValue = 'MSEdgeHTM_.html'; $hiveName = $regKey.Split('\')[0]; $psPath = '{0}:{1}' -f $hiveName, $regKey.Substring($hiveName.Length); Write-Host "^""Removing the registry value '$regValue' from '$psPath'."^""; if (-Not (Test-Path -LiteralPath $psPath)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $presentNames = (Get-ItemProperty -LiteralPath $psPath).PSObject.Properties.Name; if ($presentNames -NotContains $regValue) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($regValue -ine '(default)') { Remove-ItemProperty -LiteralPath $psPath -Name $regValue -Force -ErrorAction Stop; } else { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $psPath).OpenSubKey('', $true).DeleteValue(''); }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Remove file association for "MSEdgePDF" for .pdf
:: Delete the registry value "MSEdgePDF_.pdf" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts" 
:: This operation will not run on Windows versions earlier than Windows10-1909.
:: Skips (exit 0) when the OS build (major.minor.build) is below 10.0.18363, the build mapped to Windows10-1909.
:: Otherwise removes the value 'MSEdgePDF_.pdf' from the per-user (HKCU) ApplicationAssociationToasts key; a missing key or value is a no-op, a failed removal is reported via Write-Error.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $valueName = 'MSEdgePDF_.pdf'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Remove file association for "MSEdgeHTM" for .svg
:: Delete the registry value "MSEdgeHTM_.svg" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts" 
:: This operation will not run on Windows versions earlier than Windows10-1909.
:: Skips (exit 0) when the OS build (major.minor.build) is below 10.0.18363, the build mapped to Windows10-1909.
:: Otherwise removes the value 'MSEdgeHTM_.svg' from the per-user (HKCU) ApplicationAssociationToasts key; a missing key or value is a no-op, a failed removal is reported via Write-Error.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $valueName = 'MSEdgeHTM_.svg'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Remove file association for "MSEdgeHTM" for mailto
:: Delete the registry value "MSEdgeHTM_mailto" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts" 
:: This operation will not run on Windows versions earlier than Windows10-1909.
:: Skips (exit 0) when the OS build (major.minor.build) is below 10.0.18363, the build mapped to Windows10-1909.
:: Otherwise removes the value 'MSEdgeHTM_mailto' from the per-user (HKCU) ApplicationAssociationToasts key; a missing key or value is a no-op, a failed removal is reported via Write-Error.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $valueName = 'MSEdgeHTM_mailto'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Remove file association for "MSEdgeHTM" for read
:: Delete the registry value "MSEdgeHTM_read" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts" 
:: This operation will not run on Windows versions earlier than Windows10-1909. This operation will not run on Windows versions later than Windows10-MostRecent.
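:: Runs only when the OS build (major.minor.build) is within 10.0.18363 (Windows10-1909) to 10.0.19045 (Windows10-MostRecent); outside that range it exits 0 without changes.
:: Removes the value 'MSEdgeHTM_read' from the per-user (HKCU) ApplicationAssociationToasts key; a missing key or value is a no-op, a failed removal is reported via Write-Error.
:: Keep the whole -Command argument on one physical line: cmd ends the command at a line break, even inside the quotes.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $valueName = 'MSEdgeHTM_read'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"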
:: Remove file association for "MSEdgeHTM" for .mht
:: Delete the registry value "MSEdgeHTM_.mht" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts" 
:: This operation will not run on Windows versions earlier than Windows10-1909. This operation will not run on Windows versions later than Windows10-MostRecent.
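:: Runs only when the OS build (major.minor.build) is within 10.0.18363 (Windows10-1909) to 10.0.19045 (Windows10-MostRecent); outside that range it exits 0 without changes.
:: Removes the value 'MSEdgeHTM_.mht' from the per-user (HKCU) ApplicationAssociationToasts key; a missing key or value is a no-op, a failed removal is reported via Write-Error.
:: Keep the whole -Command argument on one physical line: cmd ends the command at a line break, even inside the quotes.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $valueName = 'MSEdgeHTM_.mht'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"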
:: Remove file association for "MSEdgeMHT" for .mht
:: Delete the registry value "MSEdgeMHT_.mht" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts" 
:: This operation will not run on Windows versions earlier than Windows10-1909.
:: Skips (exit 0) when the OS build (major.minor.build) is below 10.0.18363, the build mapped to Windows10-1909.
:: Otherwise removes the value 'MSEdgeMHT_.mht' from the per-user (HKCU) ApplicationAssociationToasts key; a missing key or value is a no-op, a failed removal is reported via Write-Error.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $valueName = 'MSEdgeMHT_.mht'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Remove file association for "MSEdgeHTM" for .mhtml
:: Delete the registry value "MSEdgeHTM_.mhtml" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts" 
:: This operation will not run on Windows versions earlier than Windows10-1909. This operation will not run on Windows versions later than Windows10-MostRecent.
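:: Runs only when the OS build (major.minor.build) is within 10.0.18363 (Windows10-1909) to 10.0.19045 (Windows10-MostRecent); outside that range it exits 0 without changes.
:: Removes the value 'MSEdgeHTM_.mhtml' from the per-user (HKCU) ApplicationAssociationToasts key; a missing key or value is a no-op, a failed removal is reported via Write-Error.
:: Keep the whole -Command argument on one physical line: cmd ends the command at a line break, even inside the quotes.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $valueName = 'MSEdgeHTM_.mhtml'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"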
:: Remove file association for "MSEdgeMHT" for .mhtml
:: Delete the registry value "MSEdgeMHT_.mhtml" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts" 
:: This operation will not run on Windows versions earlier than Windows10-1909.
:: Skips (exit 0) when the OS build (major.minor.build) is below 10.0.18363, the build mapped to Windows10-1909.
:: Otherwise removes the value 'MSEdgeMHT_.mhtml' from the per-user (HKCU) ApplicationAssociationToasts key; a missing key or value is a no-op, a failed removal is reported via Write-Error.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $valueName = 'MSEdgeMHT_.mhtml'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Remove file association for "MSEdgeHTM" for microsoft-edge
:: Delete the registry value "MSEdgeHTM_microsoft-edge" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts" 
:: This operation will not run on Windows versions earlier than Windows10-1909. This operation will not run on Windows versions later than Windows10-1909.
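:: Minimum and maximum are both Windows10-1909, so this runs only when the OS build (major.minor.build) is exactly 10.0.18363; otherwise it exits 0 without changes.
:: Removes the value 'MSEdgeHTM_microsoft-edge' from the per-user (HKCU) ApplicationAssociationToasts key; a missing key or value is a no-op, a failed removal is reported via Write-Error.
:: Keep the whole -Command argument on one physical line: cmd ends the command at a line break, even inside the quotes.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $valueName = 'MSEdgeHTM_microsoft-edge'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"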
:: Remove file association for "MSEdgeHTM" for microsoft-edge
:: Delete the registry value "MSEdgeHTM_microsoft-edge" from the key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts" 
:: This operation will not run on Windows versions earlier than Windows10-1909. This operation will not run on Windows versions later than Windows11-21H2.
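:: Runs only when the OS build (major.minor.build) is within 10.0.18363 (Windows10-1909) to 10.0.22000 (Windows11-21H2); outside that range it exits 0 without changes.
:: Removes the value 'MSEdgeHTM_microsoft-edge' from the machine-wide (HKLM) ApplicationAssociationToasts key, unlike the neighbouring per-user (HKCU) commands; a missing key or value is a no-op, a failed removal is reported via Write-Error.
:: Keep the whole -Command argument on one physical line: cmd ends the command at a line break, even inside the quotes.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $valueName = 'MSEdgeHTM_microsoft-edge'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"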
:: Remove file association for "MSEdgeHTM" for .xht
:: Delete the registry value "MSEdgeHTM_.xht" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts" 
:: This operation will not run on Windows versions earlier than Windows11-21H2.
:: Skips (exit 0) when the OS build (major.minor.build) is below 10.0.22000, the build mapped to Windows11-21H2.
:: Otherwise removes the value 'MSEdgeHTM_.xht' from the per-user (HKCU) ApplicationAssociationToasts key; a missing key or value is a no-op, a failed removal is reported via Write-Error.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $valueName = 'MSEdgeHTM_.xht'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Remove file association for "MSEdgeHTM" for .xhtml
:: Delete the registry value "MSEdgeHTM_.xhtml" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts" 
:: This operation will not run on Windows versions earlier than Windows11-21H2.
:: Skips (exit 0) when the OS build (major.minor.build) is below 10.0.22000, the build mapped to Windows11-21H2.
:: Otherwise removes the value 'MSEdgeHTM_.xhtml' from the per-user (HKCU) ApplicationAssociationToasts key; a missing key or value is a no-op, a failed removal is reported via Write-Error.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $valueName = 'MSEdgeHTM_.xhtml'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Remove file association for "MSEdgeHTM" for ftp
:: Delete the registry value "MSEdgeHTM_ftp" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts" 
:: This operation will not run on Windows versions earlier than Windows11-21H2.
:: Skips (exit 0) when the OS build (major.minor.build) is below 10.0.22000, the build mapped to Windows11-21H2.
:: Otherwise removes the value 'MSEdgeHTM_ftp' from the per-user (HKCU) ApplicationAssociationToasts key; a missing key or value is a no-op, a failed removal is reported via Write-Error.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts'; $valueName = 'MSEdgeHTM_ftp'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: ------------Remove Edge Open With associations------------
:: ----------------------------------------------------------
echo --- Remove Edge Open With associations
:: Delete Open With association for "MSEdgeHTM" for .htm
:: Delete the registry value "MSEdgeHTM" from the key "HKLM\Software\Classes\.htm\OpenWithProgids" 
:: This operation will not run on Windows versions earlier than Windows10-1909.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKLM\Software\Classes\.htm\OpenWithProgids'; $valueName = 'MSEdgeHTM'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Delete Open With association for "MSEdgeHTM" for .html
:: Delete the registry value "MSEdgeHTM" from the key "HKLM\Software\Classes\.html\OpenWithProgids" 
:: This operation will not run on Windows versions earlier than Windows10-1909.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKLM\Software\Classes\.html\OpenWithProgids'; $valueName = 'MSEdgeHTM'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Delete Open With association for "MSEdgeMHT" for .mht
:: Delete the registry value "MSEdgeMHT" from the key "HKLM\Software\Classes\.mht\OpenWithProgids" 
:: This operation will not run on Windows versions earlier than Windows10-1909.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKLM\Software\Classes\.mht\OpenWithProgids'; $valueName = 'MSEdgeMHT'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Delete Open With association for "MSEdgeMHT" for .mhtml
:: Delete the registry value "MSEdgeMHT" from the key "HKLM\Software\Classes\.mhtml\OpenWithProgids" 
:: This operation will not run on Windows versions earlier than Windows10-1909.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKLM\Software\Classes\.mhtml\OpenWithProgids'; $valueName = 'MSEdgeMHT'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Delete Open With association for "MSEdgePDF" for .pdf
:: Delete the registry value "MSEdgePDF" from the key "HKLM\Software\Classes\.pdf\OpenWithProgids" 
:: This operation will not run on Windows versions earlier than Windows10-1909.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKLM\Software\Classes\.pdf\OpenWithProgids'; $valueName = 'MSEdgePDF'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Delete Open With association for "MSEdgeHTM" for .shtml
:: Delete the registry value "MSEdgeHTM" from the key "HKLM\Software\Classes\.shtml\OpenWithProgids" 
:: This operation will not run on Windows versions earlier than Windows10-1909.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKLM\Software\Classes\.shtml\OpenWithProgids'; $valueName = 'MSEdgeHTM'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Delete Open With association for "MSEdgeHTM" for .svg
:: Delete the registry value "MSEdgeHTM" from the key "HKLM\Software\Classes\.svg\OpenWithProgids" 
:: This operation will not run on Windows versions earlier than Windows10-1909.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKLM\Software\Classes\.svg\OpenWithProgids'; $valueName = 'MSEdgeHTM'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Delete Open With association for "MSEdgeHTM" for .webp
:: Delete the registry value "MSEdgeHTM" from the key "HKLM\Software\Classes\.webp\OpenWithProgids" 
:: This operation will not run on Windows versions earlier than Windows10-1909.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKLM\Software\Classes\.webp\OpenWithProgids'; $valueName = 'MSEdgeHTM'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Delete Open With association for "MSEdgeHTM" for .xht
:: Delete the registry value "MSEdgeHTM" from the key "HKLM\Software\Classes\.xht\OpenWithProgids" 
:: This operation will not run on Windows versions earlier than Windows10-1909.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKLM\Software\Classes\.xht\OpenWithProgids'; $valueName = 'MSEdgeHTM'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Delete Open With association for "MSEdgeHTM" for .xhtml
:: Delete the registry value "MSEdgeHTM" from the key "HKLM\Software\Classes\.xhtml\OpenWithProgids" 
:: This operation will not run on Windows versions earlier than Windows10-1909.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKLM\Software\Classes\.xhtml\OpenWithProgids'; $valueName = 'MSEdgeHTM'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Delete Open With association for "MSEdgeHTM" for .xml
:: Delete the registry value "MSEdgeHTM" from the key "HKLM\Software\Classes\.xml\OpenWithProgids" 
:: This operation will not run on Windows versions earlier than Windows10-1909.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-1909'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKLM\Software\Classes\.xml\OpenWithProgids'; $valueName = 'MSEdgeHTM'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: ----------------------------------------------------------
 
 
:: ----------------------------------------------------------
:: --------------Remove Edge user associations---------------
:: ----------------------------------------------------------
echo --- Remove Edge user associations
:: Remove user-chosen URL association for "MSEdgeHTM" for http URL protocol
:: Delete the registry value "ProgId" from the key "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice" 
:: This operation will not run on Windows versions earlier than Windows10-20H2.
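:: Deletes "ProgId" only when its current data is exactly 'MSEdgeHTM'; any other handler is left untouched.
:: The command must stay on one physical line: cmd ends a command at the line break, which would cut the quoted PowerShell string in two.
:: NOTE(review): PowerShell is started without -NoProfile, so profile scripts load first in this elevated session; consider adding it.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-20H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgeHTM'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"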
:: Remove user-chosen URL association for "MSEdgeHTM" for https URL protocol
:: Delete the registry value "ProgId" from the key "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice" 
:: This operation will not run on Windows versions earlier than Windows10-20H2.
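:: Deletes "ProgId" only when its current data is exactly 'MSEdgeHTM'; any other handler is left untouched.
:: The command must stay on one physical line: cmd ends a command at the line break, which would cut the quoted PowerShell string in two.
:: NOTE(review): PowerShell is started without -NoProfile, so profile scripts load first in this elevated session; consider adding it.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-20H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgeHTM'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"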
:: Remove user-chosen URL association for "MSEdgeHTM" for microsoft-edge URL protocol
:: Delete the registry value "ProgId" from the key "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\microsoft-edge\UserChoice" 
:: This operation will not run on Windows versions earlier than Windows10-20H2.
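:: Deletes "ProgId" only when its current data is exactly 'MSEdgeHTM'; any other handler is left untouched.
:: The command must stay on one physical line: cmd ends a command at the line break, which would cut the quoted PowerShell string in two.
:: NOTE(review): PowerShell is started without -NoProfile, so profile scripts load first in this elevated session; consider adding it.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-20H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\microsoft-edge\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgeHTM'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"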
:: Remove user-chosen URL association for "MSEdgeHTM" for microsoft-edge-holographic URL protocol
:: Delete the registry value "ProgId" from the key "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\microsoft-edge-holographic\UserChoice" 
:: This operation will not run on Windows versions earlier than Windows10-20H2.
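:: Deletes "ProgId" only when its current data is exactly 'MSEdgeHTM'; any other handler is left untouched.
:: The command must stay on one physical line: cmd ends a command at the line break, which would cut the quoted PowerShell string in two.
:: NOTE(review): PowerShell is started without -NoProfile, so profile scripts load first in this elevated session; consider adding it.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-20H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\microsoft-edge-holographic\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgeHTM'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"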
:: Remove user-chosen URL association for "MSEdgeHTM" for ms-xbl-3d8b930f URL protocol
:: Delete the registry value "ProgId" from the key "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ms-xbl-3d8b930f\UserChoice" 
:: This operation will not run on Windows versions earlier than Windows10-20H2.
:: Review note: the inline PowerShell below is guarded. It exits with code 0 without changing anything
:: when the OS build is below 10.0.19042, when the UserChoice key or its "ProgId" value is missing,
:: or when "ProgId" holds anything other than "MSEdgeHTM". An association that points at another
:: handler is therefore left as it is.
:: A failed removal is reported through Write-Error in the catch branch; that branch does not call Exit,
:: so read the console output to confirm the result.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-20H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ms-xbl-3d8b930f\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgeHTM'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name 
$valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Remove user-chosen URL association for "MSEdgeHTM" for read URL protocol
:: Delete the registry value "ProgId" from the key "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\read\UserChoice" 
:: This operation will not run on Windows versions earlier than Windows10-20H2.
:: Review note: the inline PowerShell below is guarded. It exits with code 0 without changing anything
:: when the OS build is below 10.0.19042, when the UserChoice key or its "ProgId" value is missing,
:: or when "ProgId" holds anything other than "MSEdgeHTM". An association that points at another
:: handler is therefore left as it is.
:: A failed removal is reported through Write-Error in the catch branch; that branch does not call Exit,
:: so read the console output to confirm the result.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-20H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\read\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgeHTM'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName 
-Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Remove user-chosen file association for "MSEdgeHTM" for .htm files
:: Delete the registry value "ProgId" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice" (with additional permissions)
:: This operation will not run on Windows versions earlier than Windows10-20H2.
:: Review note on "(with additional permissions)": the value is removed only after the guards pass
:: (OS build at least 10.0.19042, key and "ProgId" present, data equal to "MSEdgeHTM"); every guard
:: exits with code 0 before any ACL change is made.
:: Grant-Permissions then edits the security descriptor of the UserChoice key: it takes ownership for
:: the built-in Administrators group (SID S-1-5-32-544) when that group is not already the owner, adds
:: an Allow FullControl rule for that group if none exists, clears ACL protection if it is set, and
:: removes every Deny rule on the key.
:: Each change is recorded in $AclChanges, and Revoke-Permissions, called from the finally branch,
:: puts the previous owner, rules and protection flag back.
:: Both functions are best-effort: their catch branches only emit Write-Warning. If the restore step
:: fails, the key keeps the relaxed owner and rules, so check it afterwards (for example with Get-Acl)
:: whenever a "Failed to restore permissions" warning appears.
:: NOTE(review): the restore calls SetAccessRuleProtection($true, $true); the second argument keeps
:: inherited rules, so entries inherited while protection was off may remain on the key as explicit
:: rules. Confirm the restored ACL matches the original.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-20H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $RawRegistryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice'; $AclChanges = [PSCustomObject]@{ PreviousOwner = $null; RemovedRules = @(); AddedRules = @(); InheritanceDisabled = $false; }; function Test-AccessModified { return $AclChanges.PreviousOwner -Or $AclChanges.RemovedRules.Count -gt 0 -Or $AclChanges.AddedRules.Count  -gt 0 -Or $AclChanges.InheritanceDisabled; }; function Open-RegistryKey { param ([Parameter(Mandatory=$true)][int]$Rights); <# [OutputType([Microsoft.Win32.RegistryKey])] # Not working through cmd.exe #>; $hive = $RawRegistryPath.Split('\')[0]; $pathWithoutHive = $RawRegistryPath.Substring($hive.Length + 1); try { $rootKey = switch ($hive) { 'HKCU' { [Microsoft.Win32.Registry]::CurrentUser }; 'HKLM' { [Microsoft.Win32.Registry]::LocalMachine }; default { Write-Error "^""Internal error: Unknown registry hive ($hive)."^""; Exit 1; }; }; $key = $rootKey.OpenSubKey( $pathWithoutHive, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $Rights ); } catch { throw "^""Error when opening '$pathWithoutHive' on '$hive' hive: $_"^""; }; if (-Not $key) { throw "^""Unknown error 
when opening '$pathWithoutHive' on '$hive' hive."^""; }; return $key; }; function Grant-Permissions { Write-Host "^""Granting permissions to '$RawRegistryPath' registry key."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::TakeOwnership); $acl = $subkey.GetAccessControl(); $owner = $acl.GetOwner([System.Security.Principal.NTAccount]); if ($owner -eq $adminAccount) { $subkey.Close(); } else { $AclChanges.PreviousOwner = $owner; $acl.SetOwner($adminAccount); $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host "^""Successfully took ownership from '$($owner.Value)'."^""; }; } catch { Write-Warning "^""Failed to take ownership. Error: $($_.Exception.Message)"^""; }; try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::ChangePermissions); $acl = $subkey.GetAccessControl(); $adminFullControlExists = $acl.Access | Where-Object { $_.IdentityReference -eq $adminAccount -and $_.RegistryRights -eq [System.Security.AccessControl.RegistryRights]::FullControl -and $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow }; if (-Not $adminFullControlExists) { Write-Host 'Granting full control to administrators.'; $fullControlRule = New-Object System.Security.AccessControl.RegistryAccessRule( $adminAccount, [System.Security.AccessControl.RegistryRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $acl.AddAccessRule($fullControlRule); $AclChanges.AddedRules += $fullControlRule; }; if ($acl.AreAccessRulesProtected) { $acl.SetAccessRuleProtection($false, $false); $AclChanges.InheritanceDisabled = $true; }; $denyRules = @($acl.Access.Where({ $_.AccessControlType -eq 'Deny' })); foreach ($denyRule in $denyRules) { Write-Host "^""Removing a deny rule for 
'$($denyRule.IdentityReference)'."^""; if ($acl.RemoveAccessRule($denyRule)) { $AclChanges.RemovedRules += $denyRule; } else { Write-Warning 'Failed to remove the rule.'; }; }; if (-Not (Test-AccessModified)) { Write-Host 'No access modifications were necessary.'; $subkey.Close(); } else { $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully applied new access rules.'; }; } catch { Write-Warning "^""Failed to modify access. Error: $($_.Exception.Message)"^""; }; }; function Revoke-Permissions { Write-Host "^""Restoring permissions: '$RawRegistryPath'."^""; if (-Not (Test-AccessModified)) { Write-Host 'Skipping revoking permissions, they were not granted.'; return; } else { try { $subkey = Open-RegistryKey -Rights ( [System.Security.AccessControl.RegistryRights]::TakeOwnership -bor [System.Security.AccessControl.RegistryRights]::ChangePermissions ); $acl = $subkey.GetAccessControl(); if ($AclChanges.PreviousOwner) { Write-Host 'Restoring owner.'; $acl.SetOwner($AclChanges.PreviousOwner); }; foreach ($rule in $AclChanges.AddedRules) { Write-Host "^""Removing rule for '$($rule.IdentityReference)'."^""; if (-Not $acl.RemoveAccessRule($rule)) { Write-Warning 'Failed to remove the rule.'; }; }; foreach ($rule in $AclChanges.RemovedRules) { $acl.AddAccessRule($rule); Write-Host "^""Adding a rule for '$($rule.IdentityReference)'."^""; }; if ($AclChanges.InheritanceDisabled) { $acl.SetAccessRuleProtection($true, $true); Write-Host 'Restoring inheritance.'; }; $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully restored permissions.'; } catch { Write-Warning "^""Failed to restore permissions. 
Error: $($_.Exception.Message)"^""; }; }; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgeHTM'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; Grant-Permissions; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; } finally { Revoke-Permissions }"
:: Remove user-chosen file association for "MSEdgeHTM" for .html files
:: Delete the registry value "ProgId" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice" (with additional permissions)
:: This operation will not run on Windows versions earlier than Windows10-20H2.
:: Review note on "(with additional permissions)": the value is removed only after the guards pass
:: (OS build at least 10.0.19042, key and "ProgId" present, data equal to "MSEdgeHTM"); every guard
:: exits with code 0 before any ACL change is made.
:: Grant-Permissions then edits the security descriptor of the UserChoice key: it takes ownership for
:: the built-in Administrators group (SID S-1-5-32-544) when that group is not already the owner, adds
:: an Allow FullControl rule for that group if none exists, clears ACL protection if it is set, and
:: removes every Deny rule on the key.
:: Each change is recorded in $AclChanges, and Revoke-Permissions, called from the finally branch,
:: puts the previous owner, rules and protection flag back.
:: Both functions are best-effort: their catch branches only emit Write-Warning. If the restore step
:: fails, the key keeps the relaxed owner and rules, so check it afterwards (for example with Get-Acl)
:: whenever a "Failed to restore permissions" warning appears.
:: NOTE(review): the restore calls SetAccessRuleProtection($true, $true); the second argument keeps
:: inherited rules, so entries inherited while protection was off may remain on the key as explicit
:: rules. Confirm the restored ACL matches the original.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-20H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $RawRegistryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice'; $AclChanges = [PSCustomObject]@{ PreviousOwner = $null; RemovedRules = @(); AddedRules = @(); InheritanceDisabled = $false; }; function Test-AccessModified { return $AclChanges.PreviousOwner -Or $AclChanges.RemovedRules.Count -gt 0 -Or $AclChanges.AddedRules.Count  -gt 0 -Or $AclChanges.InheritanceDisabled; }; function Open-RegistryKey { param ([Parameter(Mandatory=$true)][int]$Rights); <# [OutputType([Microsoft.Win32.RegistryKey])] # Not working through cmd.exe #>; $hive = $RawRegistryPath.Split('\')[0]; $pathWithoutHive = $RawRegistryPath.Substring($hive.Length + 1); try { $rootKey = switch ($hive) { 'HKCU' { [Microsoft.Win32.Registry]::CurrentUser }; 'HKLM' { [Microsoft.Win32.Registry]::LocalMachine }; default { Write-Error "^""Internal error: Unknown registry hive ($hive)."^""; Exit 1; }; }; $key = $rootKey.OpenSubKey( $pathWithoutHive, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $Rights ); } catch { throw "^""Error when opening '$pathWithoutHive' on '$hive' hive: $_"^""; }; if (-Not $key) { throw "^""Unknown error 
when opening '$pathWithoutHive' on '$hive' hive."^""; }; return $key; }; function Grant-Permissions { Write-Host "^""Granting permissions to '$RawRegistryPath' registry key."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::TakeOwnership); $acl = $subkey.GetAccessControl(); $owner = $acl.GetOwner([System.Security.Principal.NTAccount]); if ($owner -eq $adminAccount) { $subkey.Close(); } else { $AclChanges.PreviousOwner = $owner; $acl.SetOwner($adminAccount); $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host "^""Successfully took ownership from '$($owner.Value)'."^""; }; } catch { Write-Warning "^""Failed to take ownership. Error: $($_.Exception.Message)"^""; }; try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::ChangePermissions); $acl = $subkey.GetAccessControl(); $adminFullControlExists = $acl.Access | Where-Object { $_.IdentityReference -eq $adminAccount -and $_.RegistryRights -eq [System.Security.AccessControl.RegistryRights]::FullControl -and $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow }; if (-Not $adminFullControlExists) { Write-Host 'Granting full control to administrators.'; $fullControlRule = New-Object System.Security.AccessControl.RegistryAccessRule( $adminAccount, [System.Security.AccessControl.RegistryRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $acl.AddAccessRule($fullControlRule); $AclChanges.AddedRules += $fullControlRule; }; if ($acl.AreAccessRulesProtected) { $acl.SetAccessRuleProtection($false, $false); $AclChanges.InheritanceDisabled = $true; }; $denyRules = @($acl.Access.Where({ $_.AccessControlType -eq 'Deny' })); foreach ($denyRule in $denyRules) { Write-Host "^""Removing a deny rule for 
'$($denyRule.IdentityReference)'."^""; if ($acl.RemoveAccessRule($denyRule)) { $AclChanges.RemovedRules += $denyRule; } else { Write-Warning 'Failed to remove the rule.'; }; }; if (-Not (Test-AccessModified)) { Write-Host 'No access modifications were necessary.'; $subkey.Close(); } else { $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully applied new access rules.'; }; } catch { Write-Warning "^""Failed to modify access. Error: $($_.Exception.Message)"^""; }; }; function Revoke-Permissions { Write-Host "^""Restoring permissions: '$RawRegistryPath'."^""; if (-Not (Test-AccessModified)) { Write-Host 'Skipping revoking permissions, they were not granted.'; return; } else { try { $subkey = Open-RegistryKey -Rights ( [System.Security.AccessControl.RegistryRights]::TakeOwnership -bor [System.Security.AccessControl.RegistryRights]::ChangePermissions ); $acl = $subkey.GetAccessControl(); if ($AclChanges.PreviousOwner) { Write-Host 'Restoring owner.'; $acl.SetOwner($AclChanges.PreviousOwner); }; foreach ($rule in $AclChanges.AddedRules) { Write-Host "^""Removing rule for '$($rule.IdentityReference)'."^""; if (-Not $acl.RemoveAccessRule($rule)) { Write-Warning 'Failed to remove the rule.'; }; }; foreach ($rule in $AclChanges.RemovedRules) { $acl.AddAccessRule($rule); Write-Host "^""Adding a rule for '$($rule.IdentityReference)'."^""; }; if ($AclChanges.InheritanceDisabled) { $acl.SetAccessRuleProtection($true, $true); Write-Host 'Restoring inheritance.'; }; $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully restored permissions.'; } catch { Write-Warning "^""Failed to restore permissions. 
Error: $($_.Exception.Message)"^""; }; }; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgeHTM'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; Grant-Permissions; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; } finally { Revoke-Permissions }"
:: Remove user-chosen file association for "MSEdgePDF" for .pdf files
:: Delete the registry value "ProgId" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice" (with additional permissions)
:: This operation will not run on Windows versions earlier than Windows10-20H2.
:: Review note on "(with additional permissions)": the value is removed only after the guards pass
:: (OS build at least 10.0.19042, key and "ProgId" present, data equal to "MSEdgePDF"); every guard
:: exits with code 0 before any ACL change is made.
:: Grant-Permissions then edits the security descriptor of the UserChoice key: it takes ownership for
:: the built-in Administrators group (SID S-1-5-32-544) when that group is not already the owner, adds
:: an Allow FullControl rule for that group if none exists, clears ACL protection if it is set, and
:: removes every Deny rule on the key.
:: Each change is recorded in $AclChanges, and Revoke-Permissions, called from the finally branch,
:: puts the previous owner, rules and protection flag back.
:: Both functions are best-effort: their catch branches only emit Write-Warning. If the restore step
:: fails, the key keeps the relaxed owner and rules, so check it afterwards (for example with Get-Acl)
:: whenever a "Failed to restore permissions" warning appears.
:: NOTE(review): the restore calls SetAccessRuleProtection($true, $true); the second argument keeps
:: inherited rules, so entries inherited while protection was off may remain on the key as explicit
:: rules. Confirm the restored ACL matches the original.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-20H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $RawRegistryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice'; $AclChanges = [PSCustomObject]@{ PreviousOwner = $null; RemovedRules = @(); AddedRules = @(); InheritanceDisabled = $false; }; function Test-AccessModified { return $AclChanges.PreviousOwner -Or $AclChanges.RemovedRules.Count -gt 0 -Or $AclChanges.AddedRules.Count  -gt 0 -Or $AclChanges.InheritanceDisabled; }; function Open-RegistryKey { param ([Parameter(Mandatory=$true)][int]$Rights); <# [OutputType([Microsoft.Win32.RegistryKey])] # Not working through cmd.exe #>; $hive = $RawRegistryPath.Split('\')[0]; $pathWithoutHive = $RawRegistryPath.Substring($hive.Length + 1); try { $rootKey = switch ($hive) { 'HKCU' { [Microsoft.Win32.Registry]::CurrentUser }; 'HKLM' { [Microsoft.Win32.Registry]::LocalMachine }; default { Write-Error "^""Internal error: Unknown registry hive ($hive)."^""; Exit 1; }; }; $key = $rootKey.OpenSubKey( $pathWithoutHive, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $Rights ); } catch { throw "^""Error when opening '$pathWithoutHive' on '$hive' hive: $_"^""; }; if (-Not $key) { throw "^""Unknown error 
when opening '$pathWithoutHive' on '$hive' hive."^""; }; return $key; }; function Grant-Permissions { Write-Host "^""Granting permissions to '$RawRegistryPath' registry key."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::TakeOwnership); $acl = $subkey.GetAccessControl(); $owner = $acl.GetOwner([System.Security.Principal.NTAccount]); if ($owner -eq $adminAccount) { $subkey.Close(); } else { $AclChanges.PreviousOwner = $owner; $acl.SetOwner($adminAccount); $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host "^""Successfully took ownership from '$($owner.Value)'."^""; }; } catch { Write-Warning "^""Failed to take ownership. Error: $($_.Exception.Message)"^""; }; try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::ChangePermissions); $acl = $subkey.GetAccessControl(); $adminFullControlExists = $acl.Access | Where-Object { $_.IdentityReference -eq $adminAccount -and $_.RegistryRights -eq [System.Security.AccessControl.RegistryRights]::FullControl -and $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow }; if (-Not $adminFullControlExists) { Write-Host 'Granting full control to administrators.'; $fullControlRule = New-Object System.Security.AccessControl.RegistryAccessRule( $adminAccount, [System.Security.AccessControl.RegistryRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $acl.AddAccessRule($fullControlRule); $AclChanges.AddedRules += $fullControlRule; }; if ($acl.AreAccessRulesProtected) { $acl.SetAccessRuleProtection($false, $false); $AclChanges.InheritanceDisabled = $true; }; $denyRules = @($acl.Access.Where({ $_.AccessControlType -eq 'Deny' })); foreach ($denyRule in $denyRules) { Write-Host "^""Removing a deny rule for 
'$($denyRule.IdentityReference)'."^""; if ($acl.RemoveAccessRule($denyRule)) { $AclChanges.RemovedRules += $denyRule; } else { Write-Warning 'Failed to remove the rule.'; }; }; if (-Not (Test-AccessModified)) { Write-Host 'No access modifications were necessary.'; $subkey.Close(); } else { $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully applied new access rules.'; }; } catch { Write-Warning "^""Failed to modify access. Error: $($_.Exception.Message)"^""; }; }; function Revoke-Permissions { Write-Host "^""Restoring permissions: '$RawRegistryPath'."^""; if (-Not (Test-AccessModified)) { Write-Host 'Skipping revoking permissions, they were not granted.'; return; } else { try { $subkey = Open-RegistryKey -Rights ( [System.Security.AccessControl.RegistryRights]::TakeOwnership -bor [System.Security.AccessControl.RegistryRights]::ChangePermissions ); $acl = $subkey.GetAccessControl(); if ($AclChanges.PreviousOwner) { Write-Host 'Restoring owner.'; $acl.SetOwner($AclChanges.PreviousOwner); }; foreach ($rule in $AclChanges.AddedRules) { Write-Host "^""Removing rule for '$($rule.IdentityReference)'."^""; if (-Not $acl.RemoveAccessRule($rule)) { Write-Warning 'Failed to remove the rule.'; }; }; foreach ($rule in $AclChanges.RemovedRules) { $acl.AddAccessRule($rule); Write-Host "^""Adding a rule for '$($rule.IdentityReference)'."^""; }; if ($AclChanges.InheritanceDisabled) { $acl.SetAccessRuleProtection($true, $true); Write-Host 'Restoring inheritance.'; }; $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully restored permissions.'; } catch { Write-Warning "^""Failed to restore permissions. 
Error: $($_.Exception.Message)"^""; }; }; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgePDF'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; Grant-Permissions; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; } finally { Revoke-Permissions }"
:: Remove user-chosen file association for "MSEdgeHTM" for .svg files
:: Delete the registry value "ProgId" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice" (with additional permissions)
:: This operation will not run on Windows versions earlier than Windows10-20H2.
:: Review note on "(with additional permissions)": the value is removed only after the guards pass
:: (OS build at least 10.0.19042, key and "ProgId" present, data equal to "MSEdgeHTM"); every guard
:: exits with code 0 before any ACL change is made.
:: Grant-Permissions then edits the security descriptor of the UserChoice key: it takes ownership for
:: the built-in Administrators group (SID S-1-5-32-544) when that group is not already the owner, adds
:: an Allow FullControl rule for that group if none exists, clears ACL protection if it is set, and
:: removes every Deny rule on the key.
:: Each change is recorded in $AclChanges, and Revoke-Permissions, called from the finally branch,
:: puts the previous owner, rules and protection flag back.
:: Both functions are best-effort: their catch branches only emit Write-Warning. If the restore step
:: fails, the key keeps the relaxed owner and rules, so check it afterwards (for example with Get-Acl)
:: whenever a "Failed to restore permissions" warning appears.
:: NOTE(review): the restore calls SetAccessRuleProtection($true, $true); the second argument keeps
:: inherited rules, so entries inherited while protection was off may remain on the key as explicit
:: rules. Confirm the restored ACL matches the original.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-20H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $RawRegistryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice'; $AclChanges = [PSCustomObject]@{ PreviousOwner = $null; RemovedRules = @(); AddedRules = @(); InheritanceDisabled = $false; }; function Test-AccessModified { return $AclChanges.PreviousOwner -Or $AclChanges.RemovedRules.Count -gt 0 -Or $AclChanges.AddedRules.Count  -gt 0 -Or $AclChanges.InheritanceDisabled; }; function Open-RegistryKey { param ([Parameter(Mandatory=$true)][int]$Rights); <# [OutputType([Microsoft.Win32.RegistryKey])] # Not working through cmd.exe #>; $hive = $RawRegistryPath.Split('\')[0]; $pathWithoutHive = $RawRegistryPath.Substring($hive.Length + 1); try { $rootKey = switch ($hive) { 'HKCU' { [Microsoft.Win32.Registry]::CurrentUser }; 'HKLM' { [Microsoft.Win32.Registry]::LocalMachine }; default { Write-Error "^""Internal error: Unknown registry hive ($hive)."^""; Exit 1; }; }; $key = $rootKey.OpenSubKey( $pathWithoutHive, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $Rights ); } catch { throw "^""Error when opening '$pathWithoutHive' on '$hive' hive: $_"^""; }; if (-Not $key) { throw "^""Unknown error 
when opening '$pathWithoutHive' on '$hive' hive."^""; }; return $key; }; function Grant-Permissions { Write-Host "^""Granting permissions to '$RawRegistryPath' registry key."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::TakeOwnership); $acl = $subkey.GetAccessControl(); $owner = $acl.GetOwner([System.Security.Principal.NTAccount]); if ($owner -eq $adminAccount) { $subkey.Close(); } else { $AclChanges.PreviousOwner = $owner; $acl.SetOwner($adminAccount); $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host "^""Successfully took ownership from '$($owner.Value)'."^""; }; } catch { Write-Warning "^""Failed to take ownership. Error: $($_.Exception.Message)"^""; }; try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::ChangePermissions); $acl = $subkey.GetAccessControl(); $adminFullControlExists = $acl.Access | Where-Object { $_.IdentityReference -eq $adminAccount -and $_.RegistryRights -eq [System.Security.AccessControl.RegistryRights]::FullControl -and $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow }; if (-Not $adminFullControlExists) { Write-Host 'Granting full control to administrators.'; $fullControlRule = New-Object System.Security.AccessControl.RegistryAccessRule( $adminAccount, [System.Security.AccessControl.RegistryRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $acl.AddAccessRule($fullControlRule); $AclChanges.AddedRules += $fullControlRule; }; if ($acl.AreAccessRulesProtected) { $acl.SetAccessRuleProtection($false, $false); $AclChanges.InheritanceDisabled = $true; }; $denyRules = @($acl.Access.Where({ $_.AccessControlType -eq 'Deny' })); foreach ($denyRule in $denyRules) { Write-Host "^""Removing a deny rule for 
'$($denyRule.IdentityReference)'."^""; if ($acl.RemoveAccessRule($denyRule)) { $AclChanges.RemovedRules += $denyRule; } else { Write-Warning 'Failed to remove the rule.'; }; }; if (-Not (Test-AccessModified)) { Write-Host 'No access modifications were necessary.'; $subkey.Close(); } else { $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully applied new access rules.'; }; } catch { Write-Warning "^""Failed to modify access. Error: $($_.Exception.Message)"^""; }; }; function Revoke-Permissions { Write-Host "^""Restoring permissions: '$RawRegistryPath'."^""; if (-Not (Test-AccessModified)) { Write-Host 'Skipping revoking permissions, they were not granted.'; return; } else { try { $subkey = Open-RegistryKey -Rights ( [System.Security.AccessControl.RegistryRights]::TakeOwnership -bor [System.Security.AccessControl.RegistryRights]::ChangePermissions ); $acl = $subkey.GetAccessControl(); if ($AclChanges.PreviousOwner) { Write-Host 'Restoring owner.'; $acl.SetOwner($AclChanges.PreviousOwner); }; foreach ($rule in $AclChanges.AddedRules) { Write-Host "^""Removing rule for '$($rule.IdentityReference)'."^""; if (-Not $acl.RemoveAccessRule($rule)) { Write-Warning 'Failed to remove the rule.'; }; }; foreach ($rule in $AclChanges.RemovedRules) { $acl.AddAccessRule($rule); Write-Host "^""Adding a rule for '$($rule.IdentityReference)'."^""; }; if ($AclChanges.InheritanceDisabled) { $acl.SetAccessRuleProtection($true, $true); Write-Host 'Restoring inheritance.'; }; $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully restored permissions.'; } catch { Write-Warning "^""Failed to restore permissions. 
Error: $($_.Exception.Message)"^""; }; }; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgeHTM'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; Grant-Permissions; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; } finally { Revoke-Permissions }"
:: Remove user-chosen file association for "MSEdgeHTM" for .mht files
:: Delete the registry value "ProgId" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice" (with additional permissions)
:: This operation will not run on Windows versions earlier than Windows10-21H2. This operation will not run on Windows versions later than Windows10-MostRecent.
:: Review notes:
:: - Runs only when the OS version (Major.Minor.Build) is between 10.0.19044 and 10.0.19045 inclusive, and only
::   when ProgId currently holds 'MSEdgeHTM'. Every skip path exits before any owner or ACL change is made.
:: - Grant-Permissions makes the Administrators group (S-1-5-32-544) the owner, adds an Allow FullControl rule
::   for it, clears access-rule protection and removes every Deny rule on the key, recording each change in $AclChanges.
:: - Revoke-Permissions runs from the finally block and undoes the recorded changes. A failure there is reported
::   with Write-Warning only, so check the output: the key can be left with the modified owner and ACL.
:: - NOTE(review): the restore calls SetAccessRuleProtection($true, $true), which keeps inherited rules as
::   explicit entries, so the restored ACL may differ from the original. Verify on a test machine.
:: - NOTE(review): the script runs elevated, so HKCU is presumably the hive of the elevating account. If that is
::   not the signed-in user, a different profile is edited. Confirm before relying on the result.
:: - NOTE(review): -NoProfile is not passed, so PowerShell profile scripts load into this elevated session first.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-21H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $RawRegistryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice'; $AclChanges = [PSCustomObject]@{ PreviousOwner = $null; RemovedRules = @(); AddedRules = @(); InheritanceDisabled = $false; }; function Test-AccessModified { return $AclChanges.PreviousOwner -Or $AclChanges.RemovedRules.Count -gt 0 -Or $AclChanges.AddedRules.Count  -gt 0 -Or $AclChanges.InheritanceDisabled; }; function Open-RegistryKey { param 
([Parameter(Mandatory=$true)][int]$Rights); <# [OutputType([Microsoft.Win32.RegistryKey])] # Not working through cmd.exe #>; $hive = $RawRegistryPath.Split('\')[0]; $pathWithoutHive = $RawRegistryPath.Substring($hive.Length + 1); try { $rootKey = switch ($hive) { 'HKCU' { [Microsoft.Win32.Registry]::CurrentUser }; 'HKLM' { [Microsoft.Win32.Registry]::LocalMachine }; default { Write-Error "^""Internal error: Unknown registry hive ($hive)."^""; Exit 1; }; }; $key = $rootKey.OpenSubKey( $pathWithoutHive, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $Rights ); } catch { throw "^""Error when opening '$pathWithoutHive' on '$hive' hive: $_"^""; }; if (-Not $key) { throw "^""Unknown error when opening '$pathWithoutHive' on '$hive' hive."^""; }; return $key; }; function Grant-Permissions { Write-Host "^""Granting permissions to '$RawRegistryPath' registry key."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::TakeOwnership); $acl = $subkey.GetAccessControl(); $owner = $acl.GetOwner([System.Security.Principal.NTAccount]); if ($owner -eq $adminAccount) { $subkey.Close(); } else { $AclChanges.PreviousOwner = $owner; $acl.SetOwner($adminAccount); $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host "^""Successfully took ownership from '$($owner.Value)'."^""; }; } catch { Write-Warning "^""Failed to take ownership. 
Error: $($_.Exception.Message)"^""; }; try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::ChangePermissions); $acl = $subkey.GetAccessControl(); $adminFullControlExists = $acl.Access | Where-Object { $_.IdentityReference -eq $adminAccount -and $_.RegistryRights -eq [System.Security.AccessControl.RegistryRights]::FullControl -and $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow }; if (-Not $adminFullControlExists) { Write-Host 'Granting full control to administrators.'; $fullControlRule = New-Object System.Security.AccessControl.RegistryAccessRule( $adminAccount, [System.Security.AccessControl.RegistryRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $acl.AddAccessRule($fullControlRule); $AclChanges.AddedRules += $fullControlRule; }; if ($acl.AreAccessRulesProtected) { $acl.SetAccessRuleProtection($false, $false); $AclChanges.InheritanceDisabled = $true; }; $denyRules = @($acl.Access.Where({ $_.AccessControlType -eq 'Deny' })); foreach ($denyRule in $denyRules) { Write-Host "^""Removing a deny rule for '$($denyRule.IdentityReference)'."^""; if ($acl.RemoveAccessRule($denyRule)) { $AclChanges.RemovedRules += $denyRule; } else { Write-Warning 'Failed to remove the rule.'; }; }; if (-Not (Test-AccessModified)) { Write-Host 'No access modifications were necessary.'; $subkey.Close(); } else { $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully applied new access rules.'; }; } catch { Write-Warning "^""Failed to modify access. 
Error: $($_.Exception.Message)"^""; }; }; function Revoke-Permissions { Write-Host "^""Restoring permissions: '$RawRegistryPath'."^""; if (-Not (Test-AccessModified)) { Write-Host 'Skipping revoking permissions, they were not granted.'; return; } else { try { $subkey = Open-RegistryKey -Rights ( [System.Security.AccessControl.RegistryRights]::TakeOwnership -bor [System.Security.AccessControl.RegistryRights]::ChangePermissions ); $acl = $subkey.GetAccessControl(); if ($AclChanges.PreviousOwner) { Write-Host 'Restoring owner.'; $acl.SetOwner($AclChanges.PreviousOwner); }; foreach ($rule in $AclChanges.AddedRules) { Write-Host "^""Removing rule for '$($rule.IdentityReference)'."^""; if (-Not $acl.RemoveAccessRule($rule)) { Write-Warning 'Failed to remove the rule.'; }; }; foreach ($rule in $AclChanges.RemovedRules) { $acl.AddAccessRule($rule); Write-Host "^""Adding a rule for '$($rule.IdentityReference)'."^""; }; if ($AclChanges.InheritanceDisabled) { $acl.SetAccessRuleProtection($true, $true); Write-Host 'Restoring inheritance.'; }; $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully restored permissions.'; } catch { Write-Warning "^""Failed to restore permissions. 
Error: $($_.Exception.Message)"^""; }; }; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgeHTM'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; Grant-Permissions; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; } finally { Revoke-Permissions }"
:: Remove user-chosen file association for "MSEdgeMHT" for .mht files
:: Delete the registry value "ProgId" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice" (with additional permissions)
:: This operation will not run on Windows versions earlier than Windows11-21H2.
:: Review notes:
:: - Runs only when the OS version (Major.Minor.Build) is at least 10.0.22000, with no upper bound, and only
::   when ProgId currently holds 'MSEdgeMHT'. Every skip path exits before any owner or ACL change is made.
:: - Grant-Permissions makes the Administrators group (S-1-5-32-544) the owner, adds an Allow FullControl rule
::   for it, clears access-rule protection and removes every Deny rule on the key, recording each change in $AclChanges.
:: - Both steps in Grant-Permissions only warn on failure, so the delete is still attempted afterwards.
::   If the delete fails it is reported with Write-Error, and Revoke-Permissions still runs from the finally block.
:: - A failure inside Revoke-Permissions is a Write-Warning only, so check the output: the key can be left
::   with the modified owner and ACL.
:: - NOTE(review): the restore calls SetAccessRuleProtection($true, $true), which keeps inherited rules as
::   explicit entries, so the restored ACL may differ from the original. Verify on a test machine.
:: - NOTE(review): the script runs elevated, so HKCU is presumably the hive of the elevating account. If that is
::   not the signed-in user, a different profile is edited. Confirm before relying on the result.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $RawRegistryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice'; $AclChanges = [PSCustomObject]@{ PreviousOwner = $null; RemovedRules = @(); AddedRules = @(); InheritanceDisabled = $false; }; function Test-AccessModified { return $AclChanges.PreviousOwner -Or $AclChanges.RemovedRules.Count -gt 0 -Or $AclChanges.AddedRules.Count  -gt 0 -Or $AclChanges.InheritanceDisabled; }; function Open-RegistryKey { param ([Parameter(Mandatory=$true)][int]$Rights); <# [OutputType([Microsoft.Win32.RegistryKey])] # Not working through cmd.exe #>; $hive = $RawRegistryPath.Split('\')[0]; $pathWithoutHive = $RawRegistryPath.Substring($hive.Length + 1); try { $rootKey = switch ($hive) { 'HKCU' { [Microsoft.Win32.Registry]::CurrentUser }; 'HKLM' { [Microsoft.Win32.Registry]::LocalMachine }; default { Write-Error "^""Internal error: Unknown registry hive ($hive)."^""; Exit 1; }; }; $key = $rootKey.OpenSubKey( $pathWithoutHive, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $Rights ); } catch { throw "^""Error when opening '$pathWithoutHive' on '$hive' hive: $_"^""; }; if (-Not $key) { throw "^""Unknown error 
when opening '$pathWithoutHive' on '$hive' hive."^""; }; return $key; }; function Grant-Permissions { Write-Host "^""Granting permissions to '$RawRegistryPath' registry key."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::TakeOwnership); $acl = $subkey.GetAccessControl(); $owner = $acl.GetOwner([System.Security.Principal.NTAccount]); if ($owner -eq $adminAccount) { $subkey.Close(); } else { $AclChanges.PreviousOwner = $owner; $acl.SetOwner($adminAccount); $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host "^""Successfully took ownership from '$($owner.Value)'."^""; }; } catch { Write-Warning "^""Failed to take ownership. Error: $($_.Exception.Message)"^""; }; try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::ChangePermissions); $acl = $subkey.GetAccessControl(); $adminFullControlExists = $acl.Access | Where-Object { $_.IdentityReference -eq $adminAccount -and $_.RegistryRights -eq [System.Security.AccessControl.RegistryRights]::FullControl -and $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow }; if (-Not $adminFullControlExists) { Write-Host 'Granting full control to administrators.'; $fullControlRule = New-Object System.Security.AccessControl.RegistryAccessRule( $adminAccount, [System.Security.AccessControl.RegistryRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $acl.AddAccessRule($fullControlRule); $AclChanges.AddedRules += $fullControlRule; }; if ($acl.AreAccessRulesProtected) { $acl.SetAccessRuleProtection($false, $false); $AclChanges.InheritanceDisabled = $true; }; $denyRules = @($acl.Access.Where({ $_.AccessControlType -eq 'Deny' })); foreach ($denyRule in $denyRules) { Write-Host "^""Removing a deny rule for 
'$($denyRule.IdentityReference)'."^""; if ($acl.RemoveAccessRule($denyRule)) { $AclChanges.RemovedRules += $denyRule; } else { Write-Warning 'Failed to remove the rule.'; }; }; if (-Not (Test-AccessModified)) { Write-Host 'No access modifications were necessary.'; $subkey.Close(); } else { $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully applied new access rules.'; }; } catch { Write-Warning "^""Failed to modify access. Error: $($_.Exception.Message)"^""; }; }; function Revoke-Permissions { Write-Host "^""Restoring permissions: '$RawRegistryPath'."^""; if (-Not (Test-AccessModified)) { Write-Host 'Skipping revoking permissions, they were not granted.'; return; } else { try { $subkey = Open-RegistryKey -Rights ( [System.Security.AccessControl.RegistryRights]::TakeOwnership -bor [System.Security.AccessControl.RegistryRights]::ChangePermissions ); $acl = $subkey.GetAccessControl(); if ($AclChanges.PreviousOwner) { Write-Host 'Restoring owner.'; $acl.SetOwner($AclChanges.PreviousOwner); }; foreach ($rule in $AclChanges.AddedRules) { Write-Host "^""Removing rule for '$($rule.IdentityReference)'."^""; if (-Not $acl.RemoveAccessRule($rule)) { Write-Warning 'Failed to remove the rule.'; }; }; foreach ($rule in $AclChanges.RemovedRules) { $acl.AddAccessRule($rule); Write-Host "^""Adding a rule for '$($rule.IdentityReference)'."^""; }; if ($AclChanges.InheritanceDisabled) { $acl.SetAccessRuleProtection($true, $true); Write-Host 'Restoring inheritance.'; }; $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully restored permissions.'; } catch { Write-Warning "^""Failed to restore permissions. 
Error: $($_.Exception.Message)"^""; }; }; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgeMHT'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; Grant-Permissions; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; } finally { Revoke-Permissions }"
:: Remove user-chosen file association for "MSEdgeHTM" for .mhtml files
:: Delete the registry value "ProgId" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice" (with additional permissions)
:: This operation will not run on Windows versions earlier than Windows10-21H2. This operation will not run on Windows versions later than Windows10-MostRecent.
:: Review notes:
:: - Runs only when the OS version (Major.Minor.Build) is between 10.0.19044 and 10.0.19045 inclusive, and only
::   when ProgId currently holds 'MSEdgeHTM'. Every skip path exits before any owner or ACL change is made.
:: - Open-RegistryKey reads the target from the script-level $RawRegistryPath and accepts only the HKCU and HKLM
::   hives. It throws when the key cannot be opened with the requested rights.
:: - Grant-Permissions makes the Administrators group (S-1-5-32-544) the owner, adds an Allow FullControl rule
::   for it, clears access-rule protection and removes every Deny rule on the key, recording each change in $AclChanges.
:: - Revoke-Permissions runs from the finally block and undoes the recorded changes. A failure there is reported
::   with Write-Warning only, so check the output: the key can be left with the modified owner and ACL.
:: - NOTE(review): the restore calls SetAccessRuleProtection($true, $true), which keeps inherited rules as
::   explicit entries, so the restored ACL may differ from the original. Verify on a test machine.
:: - NOTE(review): the script runs elevated, so HKCU is presumably the hive of the elevating account. If that is
::   not the signed-in user, a different profile is edited. Confirm before relying on the result.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-21H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }$versionName = 'Windows10-MostRecent'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $RawRegistryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice'; $AclChanges = [PSCustomObject]@{ PreviousOwner = $null; RemovedRules = @(); AddedRules = @(); InheritanceDisabled = $false; }; function Test-AccessModified { return $AclChanges.PreviousOwner -Or $AclChanges.RemovedRules.Count -gt 0 -Or $AclChanges.AddedRules.Count  -gt 0 -Or $AclChanges.InheritanceDisabled; }; function Open-RegistryKey { param 
([Parameter(Mandatory=$true)][int]$Rights); <# [OutputType([Microsoft.Win32.RegistryKey])] # Not working through cmd.exe #>; $hive = $RawRegistryPath.Split('\')[0]; $pathWithoutHive = $RawRegistryPath.Substring($hive.Length + 1); try { $rootKey = switch ($hive) { 'HKCU' { [Microsoft.Win32.Registry]::CurrentUser }; 'HKLM' { [Microsoft.Win32.Registry]::LocalMachine }; default { Write-Error "^""Internal error: Unknown registry hive ($hive)."^""; Exit 1; }; }; $key = $rootKey.OpenSubKey( $pathWithoutHive, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $Rights ); } catch { throw "^""Error when opening '$pathWithoutHive' on '$hive' hive: $_"^""; }; if (-Not $key) { throw "^""Unknown error when opening '$pathWithoutHive' on '$hive' hive."^""; }; return $key; }; function Grant-Permissions { Write-Host "^""Granting permissions to '$RawRegistryPath' registry key."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::TakeOwnership); $acl = $subkey.GetAccessControl(); $owner = $acl.GetOwner([System.Security.Principal.NTAccount]); if ($owner -eq $adminAccount) { $subkey.Close(); } else { $AclChanges.PreviousOwner = $owner; $acl.SetOwner($adminAccount); $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host "^""Successfully took ownership from '$($owner.Value)'."^""; }; } catch { Write-Warning "^""Failed to take ownership. 
Error: $($_.Exception.Message)"^""; }; try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::ChangePermissions); $acl = $subkey.GetAccessControl(); $adminFullControlExists = $acl.Access | Where-Object { $_.IdentityReference -eq $adminAccount -and $_.RegistryRights -eq [System.Security.AccessControl.RegistryRights]::FullControl -and $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow }; if (-Not $adminFullControlExists) { Write-Host 'Granting full control to administrators.'; $fullControlRule = New-Object System.Security.AccessControl.RegistryAccessRule( $adminAccount, [System.Security.AccessControl.RegistryRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $acl.AddAccessRule($fullControlRule); $AclChanges.AddedRules += $fullControlRule; }; if ($acl.AreAccessRulesProtected) { $acl.SetAccessRuleProtection($false, $false); $AclChanges.InheritanceDisabled = $true; }; $denyRules = @($acl.Access.Where({ $_.AccessControlType -eq 'Deny' })); foreach ($denyRule in $denyRules) { Write-Host "^""Removing a deny rule for '$($denyRule.IdentityReference)'."^""; if ($acl.RemoveAccessRule($denyRule)) { $AclChanges.RemovedRules += $denyRule; } else { Write-Warning 'Failed to remove the rule.'; }; }; if (-Not (Test-AccessModified)) { Write-Host 'No access modifications were necessary.'; $subkey.Close(); } else { $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully applied new access rules.'; }; } catch { Write-Warning "^""Failed to modify access. 
Error: $($_.Exception.Message)"^""; }; }; function Revoke-Permissions { Write-Host "^""Restoring permissions: '$RawRegistryPath'."^""; if (-Not (Test-AccessModified)) { Write-Host 'Skipping revoking permissions, they were not granted.'; return; } else { try { $subkey = Open-RegistryKey -Rights ( [System.Security.AccessControl.RegistryRights]::TakeOwnership -bor [System.Security.AccessControl.RegistryRights]::ChangePermissions ); $acl = $subkey.GetAccessControl(); if ($AclChanges.PreviousOwner) { Write-Host 'Restoring owner.'; $acl.SetOwner($AclChanges.PreviousOwner); }; foreach ($rule in $AclChanges.AddedRules) { Write-Host "^""Removing rule for '$($rule.IdentityReference)'."^""; if (-Not $acl.RemoveAccessRule($rule)) { Write-Warning 'Failed to remove the rule.'; }; }; foreach ($rule in $AclChanges.RemovedRules) { $acl.AddAccessRule($rule); Write-Host "^""Adding a rule for '$($rule.IdentityReference)'."^""; }; if ($AclChanges.InheritanceDisabled) { $acl.SetAccessRuleProtection($true, $true); Write-Host 'Restoring inheritance.'; }; $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully restored permissions.'; } catch { Write-Warning "^""Failed to restore permissions. 
Error: $($_.Exception.Message)"^""; }; }; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgeHTM'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; Grant-Permissions; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; } finally { Revoke-Permissions }"
:: Remove user-chosen file association for "MSEdgeMHT" for .mhtml files
:: Delete the registry value "ProgId" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice" (with additional permissions)
:: This operation will not run on Windows versions earlier than Windows11-21H2.
:: Review notes:
:: - Runs only when the OS version (Major.Minor.Build) is at least 10.0.22000, with no upper bound, and only
::   when ProgId currently holds 'MSEdgeMHT'. Every skip path exits before any owner or ACL change is made.
:: - Grant-Permissions makes the Administrators group (S-1-5-32-544) the owner, adds an Allow FullControl rule
::   for it, clears access-rule protection and removes every Deny rule on the key, recording each change in $AclChanges.
:: - Revoke-Permissions runs from the finally block and undoes the recorded changes. A failure there is reported
::   with Write-Warning only, so check the output: the key can be left with the modified owner and ACL.
:: - The $AclChanges record lives only in this PowerShell process. If the process is ended between
::   Grant-Permissions and the finally block, nothing restores the owner or the removed Deny rules.
:: - NOTE(review): the restore calls SetAccessRuleProtection($true, $true), which keeps inherited rules as
::   explicit entries, so the restored ACL may differ from the original. Verify on a test machine.
:: - NOTE(review): the script runs elevated, so HKCU is presumably the hive of the elevating account. If that is
::   not the signed-in user, a different profile is edited. Confirm before relying on the result.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $RawRegistryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice'; $AclChanges = [PSCustomObject]@{ PreviousOwner = $null; RemovedRules = @(); AddedRules = @(); InheritanceDisabled = $false; }; function Test-AccessModified { return $AclChanges.PreviousOwner -Or $AclChanges.RemovedRules.Count -gt 0 -Or $AclChanges.AddedRules.Count  -gt 0 -Or $AclChanges.InheritanceDisabled; }; function Open-RegistryKey { param ([Parameter(Mandatory=$true)][int]$Rights); <# [OutputType([Microsoft.Win32.RegistryKey])] # Not working through cmd.exe #>; $hive = $RawRegistryPath.Split('\')[0]; $pathWithoutHive = $RawRegistryPath.Substring($hive.Length + 1); try { $rootKey = switch ($hive) { 'HKCU' { [Microsoft.Win32.Registry]::CurrentUser }; 'HKLM' { [Microsoft.Win32.Registry]::LocalMachine }; default { Write-Error "^""Internal error: Unknown registry hive ($hive)."^""; Exit 1; }; }; $key = $rootKey.OpenSubKey( $pathWithoutHive, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $Rights ); } catch { throw "^""Error when opening '$pathWithoutHive' on '$hive' hive: $_"^""; }; if (-Not $key) { throw "^""Unknown error 
when opening '$pathWithoutHive' on '$hive' hive."^""; }; return $key; }; function Grant-Permissions { Write-Host "^""Granting permissions to '$RawRegistryPath' registry key."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::TakeOwnership); $acl = $subkey.GetAccessControl(); $owner = $acl.GetOwner([System.Security.Principal.NTAccount]); if ($owner -eq $adminAccount) { $subkey.Close(); } else { $AclChanges.PreviousOwner = $owner; $acl.SetOwner($adminAccount); $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host "^""Successfully took ownership from '$($owner.Value)'."^""; }; } catch { Write-Warning "^""Failed to take ownership. Error: $($_.Exception.Message)"^""; }; try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::ChangePermissions); $acl = $subkey.GetAccessControl(); $adminFullControlExists = $acl.Access | Where-Object { $_.IdentityReference -eq $adminAccount -and $_.RegistryRights -eq [System.Security.AccessControl.RegistryRights]::FullControl -and $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow }; if (-Not $adminFullControlExists) { Write-Host 'Granting full control to administrators.'; $fullControlRule = New-Object System.Security.AccessControl.RegistryAccessRule( $adminAccount, [System.Security.AccessControl.RegistryRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $acl.AddAccessRule($fullControlRule); $AclChanges.AddedRules += $fullControlRule; }; if ($acl.AreAccessRulesProtected) { $acl.SetAccessRuleProtection($false, $false); $AclChanges.InheritanceDisabled = $true; }; $denyRules = @($acl.Access.Where({ $_.AccessControlType -eq 'Deny' })); foreach ($denyRule in $denyRules) { Write-Host "^""Removing a deny rule for 
'$($denyRule.IdentityReference)'."^""; if ($acl.RemoveAccessRule($denyRule)) { $AclChanges.RemovedRules += $denyRule; } else { Write-Warning 'Failed to remove the rule.'; }; }; if (-Not (Test-AccessModified)) { Write-Host 'No access modifications were necessary.'; $subkey.Close(); } else { $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully applied new access rules.'; }; } catch { Write-Warning "^""Failed to modify access. Error: $($_.Exception.Message)"^""; }; }; function Revoke-Permissions { Write-Host "^""Restoring permissions: '$RawRegistryPath'."^""; if (-Not (Test-AccessModified)) { Write-Host 'Skipping revoking permissions, they were not granted.'; return; } else { try { $subkey = Open-RegistryKey -Rights ( [System.Security.AccessControl.RegistryRights]::TakeOwnership -bor [System.Security.AccessControl.RegistryRights]::ChangePermissions ); $acl = $subkey.GetAccessControl(); if ($AclChanges.PreviousOwner) { Write-Host 'Restoring owner.'; $acl.SetOwner($AclChanges.PreviousOwner); }; foreach ($rule in $AclChanges.AddedRules) { Write-Host "^""Removing rule for '$($rule.IdentityReference)'."^""; if (-Not $acl.RemoveAccessRule($rule)) { Write-Warning 'Failed to remove the rule.'; }; }; foreach ($rule in $AclChanges.RemovedRules) { $acl.AddAccessRule($rule); Write-Host "^""Adding a rule for '$($rule.IdentityReference)'."^""; }; if ($AclChanges.InheritanceDisabled) { $acl.SetAccessRuleProtection($true, $true); Write-Host 'Restoring inheritance.'; }; $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully restored permissions.'; } catch { Write-Warning "^""Failed to restore permissions. 
Error: $($_.Exception.Message)"^""; }; }; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgeMHT'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; Grant-Permissions; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; } finally { Revoke-Permissions }"
:: Remove user-chosen file association for "MSEdgeHTM" for .xml files
:: Delete the registry value "ProgId" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice" (with additional permissions)
:: This operation will not run on Windows versions earlier than Windows10-22H2. This operation will not run on Windows versions later than Windows10-22H2.
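:: Removes the per-user ProgId value from FileExts\.xml\UserChoice, but only when its data is exactly MSEdgeHTM and the OS build equals 10.0.19045 (minimum and maximum are both Windows10-22H2).
:: Before the delete, Grant-Permissions may change the key ACL: owner set to BUILTIN\Administrators (S-1-5-32-544), an Allow FullControl rule added for it, rule protection lifted, and every Deny rule removed.
:: Revoke-Permissions runs from the finally block and reverts the changes recorded in $AclChanges. Both helpers only warn on failure, so look for 'Failed to restore permissions' in the output; a failed restore leaves the relaxed ACL in place.
:: NOTE(review): the restore calls SetAccessRuleProtection($true, $true); the second argument keeps inherited rules as explicit copies, so the restored ACL may not be identical to the original. Confirm on a test key.
:: -NoProfile keeps profile scripts from running inside this elevated session. The whole command has to stay on one physical line because it is a single quoted cmd.exe argument.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows10-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $versionName = 'Windows10-22H2'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $RawRegistryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice'; $AclChanges = [PSCustomObject]@{ PreviousOwner = $null; RemovedRules = @(); AddedRules = @(); InheritanceDisabled = $false; }; function Test-AccessModified { return $AclChanges.PreviousOwner -Or $AclChanges.RemovedRules.Count -gt 0 -Or $AclChanges.AddedRules.Count  -gt 0 -Or $AclChanges.InheritanceDisabled; }; function Open-RegistryKey { param ([Parameter(Mandatory=$true)][int]$Rights); <# [OutputType([Microsoft.Win32.RegistryKey])] # Not working through cmd.exe #>; $hive = $RawRegistryPath.Split('\')[0]; $pathWithoutHive = $RawRegistryPath.Substring($hive.Length + 1); try { $rootKey = switch ($hive) { 'HKCU' { [Microsoft.Win32.Registry]::CurrentUser }; 'HKLM' { [Microsoft.Win32.Registry]::LocalMachine }; default { Write-Error "^""Internal error: Unknown registry hive ($hive)."^""; Exit 1; }; }; $key = $rootKey.OpenSubKey( $pathWithoutHive, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $Rights ); } catch { throw "^""Error when opening '$pathWithoutHive' on '$hive' hive: $_"^""; }; if (-Not $key) { throw "^""Unknown error when opening '$pathWithoutHive' on '$hive' hive."^""; }; return $key; }; function Grant-Permissions { Write-Host "^""Granting permissions to '$RawRegistryPath' registry key."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::TakeOwnership); $acl = $subkey.GetAccessControl(); $owner = $acl.GetOwner([System.Security.Principal.NTAccount]); if ($owner -eq $adminAccount) { $subkey.Close(); } else { $AclChanges.PreviousOwner = $owner; $acl.SetOwner($adminAccount); $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host "^""Successfully took ownership from '$($owner.Value)'."^""; }; } catch { Write-Warning "^""Failed to take ownership. Error: $($_.Exception.Message)"^""; }; try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::ChangePermissions); $acl = $subkey.GetAccessControl(); $adminFullControlExists = $acl.Access | Where-Object { $_.IdentityReference -eq $adminAccount -and $_.RegistryRights -eq [System.Security.AccessControl.RegistryRights]::FullControl -and $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow }; if (-Not $adminFullControlExists) { Write-Host 'Granting full control to administrators.'; $fullControlRule = New-Object System.Security.AccessControl.RegistryAccessRule( $adminAccount, [System.Security.AccessControl.RegistryRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $acl.AddAccessRule($fullControlRule); $AclChanges.AddedRules += $fullControlRule; }; if ($acl.AreAccessRulesProtected) { $acl.SetAccessRuleProtection($false, $false); $AclChanges.InheritanceDisabled = $true; }; $denyRules = @($acl.Access.Where({ $_.AccessControlType -eq 'Deny' })); foreach ($denyRule in $denyRules) { Write-Host "^""Removing a deny rule for '$($denyRule.IdentityReference)'."^""; if ($acl.RemoveAccessRule($denyRule)) { $AclChanges.RemovedRules += $denyRule; } else { Write-Warning 'Failed to remove the rule.'; }; }; if (-Not (Test-AccessModified)) { Write-Host 'No access modifications were necessary.'; $subkey.Close(); } else { $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully applied new access rules.'; }; } catch { Write-Warning "^""Failed to modify access. Error: $($_.Exception.Message)"^""; }; }; function Revoke-Permissions { Write-Host "^""Restoring permissions: '$RawRegistryPath'."^""; if (-Not (Test-AccessModified)) { Write-Host 'Skipping revoking permissions, they were not granted.'; return; } else { try { $subkey = Open-RegistryKey -Rights ( [System.Security.AccessControl.RegistryRights]::TakeOwnership -bor [System.Security.AccessControl.RegistryRights]::ChangePermissions ); $acl = $subkey.GetAccessControl(); if ($AclChanges.PreviousOwner) { Write-Host 'Restoring owner.'; $acl.SetOwner($AclChanges.PreviousOwner); }; foreach ($rule in $AclChanges.AddedRules) { Write-Host "^""Removing rule for '$($rule.IdentityReference)'."^""; if (-Not $acl.RemoveAccessRule($rule)) { Write-Warning 'Failed to remove the rule.'; }; }; foreach ($rule in $AclChanges.RemovedRules) { $acl.AddAccessRule($rule); Write-Host "^""Adding a rule for '$($rule.IdentityReference)'."^""; }; if ($AclChanges.InheritanceDisabled) { $acl.SetAccessRuleProtection($true, $true); Write-Host 'Restoring inheritance.'; }; $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully restored permissions.'; } catch { Write-Warning "^""Failed to restore permissions. Error: $($_.Exception.Message)"^""; }; }; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgeHTM'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; Grant-Permissions; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; } finally { Revoke-Permissions }"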
:: Remove user-chosen URL association for "MSEdgeHTM" for ftp URL protocol
:: Delete the registry value "ProgId" from the key "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice" 
:: This operation will not run on Windows versions earlier than Windows11-21H2.
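:: Removes the per-user ProgId value from UrlAssociations\ftp\UserChoice, but only when its data is exactly MSEdgeHTM and the OS build is at least 10.0.22000 (Windows11-21H2).
:: This step makes no ACL changes. A failed delete is reported through Write-Error and the batch script carries on, so check the console output.
:: NOTE(review): the script runs elevated, so HKCU is presumably the hive of the account that approved the elevation; confirm that this is the profile you intend to change.
:: -NoProfile keeps profile scripts from running inside this elevated session. The whole command has to stay on one physical line because it is a single quoted cmd.exe argument.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $keyName = 'HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgeHTM'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"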
:: Remove user-chosen file association for "MSEdgeHTM" for .xht files
:: Delete the registry value "ProgId" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice" (with additional permissions)
:: This operation will not run on Windows versions earlier than Windows11-21H2.
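:: Removes the per-user ProgId value from FileExts\.xht\UserChoice, but only when its data is exactly MSEdgeHTM and the OS build is at least 10.0.22000 (Windows11-21H2).
:: Before the delete, Grant-Permissions may change the key ACL: owner set to BUILTIN\Administrators (S-1-5-32-544), an Allow FullControl rule added for it, rule protection lifted, and every Deny rule removed.
:: Revoke-Permissions runs from the finally block and reverts the changes recorded in $AclChanges. Both helpers only warn on failure, so look for 'Failed to restore permissions' in the output; a failed restore leaves the relaxed ACL in place.
:: NOTE(review): the restore calls SetAccessRuleProtection($true, $true); the second argument keeps inherited rules as explicit copies, so the restored ACL may not be identical to the original. Confirm on a test key.
:: -NoProfile keeps profile scripts from running inside this elevated session. The whole command has to stay on one physical line because it is a single quoted cmd.exe argument.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $RawRegistryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice'; $AclChanges = [PSCustomObject]@{ PreviousOwner = $null; RemovedRules = @(); AddedRules = @(); InheritanceDisabled = $false; }; function Test-AccessModified { return $AclChanges.PreviousOwner -Or $AclChanges.RemovedRules.Count -gt 0 -Or $AclChanges.AddedRules.Count  -gt 0 -Or $AclChanges.InheritanceDisabled; }; function Open-RegistryKey { param ([Parameter(Mandatory=$true)][int]$Rights); <# [OutputType([Microsoft.Win32.RegistryKey])] # Not working through cmd.exe #>; $hive = $RawRegistryPath.Split('\')[0]; $pathWithoutHive = $RawRegistryPath.Substring($hive.Length + 1); try { $rootKey = switch ($hive) { 'HKCU' { [Microsoft.Win32.Registry]::CurrentUser }; 'HKLM' { [Microsoft.Win32.Registry]::LocalMachine }; default { Write-Error "^""Internal error: Unknown registry hive ($hive)."^""; Exit 1; }; }; $key = $rootKey.OpenSubKey( $pathWithoutHive, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $Rights ); } catch { throw "^""Error when opening '$pathWithoutHive' on '$hive' hive: $_"^""; }; if (-Not $key) { throw "^""Unknown error when opening '$pathWithoutHive' on '$hive' hive."^""; }; return $key; }; function Grant-Permissions { Write-Host "^""Granting permissions to '$RawRegistryPath' registry key."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::TakeOwnership); $acl = $subkey.GetAccessControl(); $owner = $acl.GetOwner([System.Security.Principal.NTAccount]); if ($owner -eq $adminAccount) { $subkey.Close(); } else { $AclChanges.PreviousOwner = $owner; $acl.SetOwner($adminAccount); $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host "^""Successfully took ownership from '$($owner.Value)'."^""; }; } catch { Write-Warning "^""Failed to take ownership. Error: $($_.Exception.Message)"^""; }; try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::ChangePermissions); $acl = $subkey.GetAccessControl(); $adminFullControlExists = $acl.Access | Where-Object { $_.IdentityReference -eq $adminAccount -and $_.RegistryRights -eq [System.Security.AccessControl.RegistryRights]::FullControl -and $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow }; if (-Not $adminFullControlExists) { Write-Host 'Granting full control to administrators.'; $fullControlRule = New-Object System.Security.AccessControl.RegistryAccessRule( $adminAccount, [System.Security.AccessControl.RegistryRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $acl.AddAccessRule($fullControlRule); $AclChanges.AddedRules += $fullControlRule; }; if ($acl.AreAccessRulesProtected) { $acl.SetAccessRuleProtection($false, $false); $AclChanges.InheritanceDisabled = $true; }; $denyRules = @($acl.Access.Where({ $_.AccessControlType -eq 'Deny' })); foreach ($denyRule in $denyRules) { Write-Host "^""Removing a deny rule for '$($denyRule.IdentityReference)'."^""; if ($acl.RemoveAccessRule($denyRule)) { $AclChanges.RemovedRules += $denyRule; } else { Write-Warning 'Failed to remove the rule.'; }; }; if (-Not (Test-AccessModified)) { Write-Host 'No access modifications were necessary.'; $subkey.Close(); } else { $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully applied new access rules.'; }; } catch { Write-Warning "^""Failed to modify access. Error: $($_.Exception.Message)"^""; }; }; function Revoke-Permissions { Write-Host "^""Restoring permissions: '$RawRegistryPath'."^""; if (-Not (Test-AccessModified)) { Write-Host 'Skipping revoking permissions, they were not granted.'; return; } else { try { $subkey = Open-RegistryKey -Rights ( [System.Security.AccessControl.RegistryRights]::TakeOwnership -bor [System.Security.AccessControl.RegistryRights]::ChangePermissions ); $acl = $subkey.GetAccessControl(); if ($AclChanges.PreviousOwner) { Write-Host 'Restoring owner.'; $acl.SetOwner($AclChanges.PreviousOwner); }; foreach ($rule in $AclChanges.AddedRules) { Write-Host "^""Removing rule for '$($rule.IdentityReference)'."^""; if (-Not $acl.RemoveAccessRule($rule)) { Write-Warning 'Failed to remove the rule.'; }; }; foreach ($rule in $AclChanges.RemovedRules) { $acl.AddAccessRule($rule); Write-Host "^""Adding a rule for '$($rule.IdentityReference)'."^""; }; if ($AclChanges.InheritanceDisabled) { $acl.SetAccessRuleProtection($true, $true); Write-Host 'Restoring inheritance.'; }; $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully restored permissions.'; } catch { Write-Warning "^""Failed to restore permissions. Error: $($_.Exception.Message)"^""; }; }; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgeHTM'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; Grant-Permissions; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; } finally { Revoke-Permissions }"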
:: Remove user-chosen file association for "MSEdgeHTM" for .xhtml files
:: Delete the registry value "ProgId" from the key "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice" (with additional permissions)
:: This operation will not run on Windows versions earlier than Windows11-21H2.
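:: Removes the per-user ProgId value from FileExts\.xhtml\UserChoice, but only when its data is exactly MSEdgeHTM and the OS build is at least 10.0.22000 (Windows11-21H2).
:: Before the delete, Grant-Permissions may change the key ACL: owner set to BUILTIN\Administrators (S-1-5-32-544), an Allow FullControl rule added for it, rule protection lifted, and every Deny rule removed.
:: Revoke-Permissions runs from the finally block and reverts the changes recorded in $AclChanges. Both helpers only warn on failure, so look for 'Failed to restore permissions' in the output; a failed restore leaves the relaxed ACL in place.
:: NOTE(review): the restore calls SetAccessRuleProtection($true, $true); the second argument keeps inherited rules as explicit copies, so the restored ACL may not be identical to the original. Confirm on a test key.
:: -NoProfile keeps profile scripts from running inside this elevated session. The whole command has to stay on one physical line because it is a single quoted cmd.exe argument.
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $RawRegistryPath = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice'; $AclChanges = [PSCustomObject]@{ PreviousOwner = $null; RemovedRules = @(); AddedRules = @(); InheritanceDisabled = $false; }; function Test-AccessModified { return $AclChanges.PreviousOwner -Or $AclChanges.RemovedRules.Count -gt 0 -Or $AclChanges.AddedRules.Count  -gt 0 -Or $AclChanges.InheritanceDisabled; }; function Open-RegistryKey { param ([Parameter(Mandatory=$true)][int]$Rights); <# [OutputType([Microsoft.Win32.RegistryKey])] # Not working through cmd.exe #>; $hive = $RawRegistryPath.Split('\')[0]; $pathWithoutHive = $RawRegistryPath.Substring($hive.Length + 1); try { $rootKey = switch ($hive) { 'HKCU' { [Microsoft.Win32.Registry]::CurrentUser }; 'HKLM' { [Microsoft.Win32.Registry]::LocalMachine }; default { Write-Error "^""Internal error: Unknown registry hive ($hive)."^""; Exit 1; }; }; $key = $rootKey.OpenSubKey( $pathWithoutHive, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $Rights ); } catch { throw "^""Error when opening '$pathWithoutHive' on '$hive' hive: $_"^""; }; if (-Not $key) { throw "^""Unknown error when opening '$pathWithoutHive' on '$hive' hive."^""; }; return $key; }; function Grant-Permissions { Write-Host "^""Granting permissions to '$RawRegistryPath' registry key."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::TakeOwnership); $acl = $subkey.GetAccessControl(); $owner = $acl.GetOwner([System.Security.Principal.NTAccount]); if ($owner -eq $adminAccount) { $subkey.Close(); } else { $AclChanges.PreviousOwner = $owner; $acl.SetOwner($adminAccount); $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host "^""Successfully took ownership from '$($owner.Value)'."^""; }; } catch { Write-Warning "^""Failed to take ownership. Error: $($_.Exception.Message)"^""; }; try { $subkey = Open-RegistryKey -Rights ([System.Security.AccessControl.RegistryRights]::ChangePermissions); $acl = $subkey.GetAccessControl(); $adminFullControlExists = $acl.Access | Where-Object { $_.IdentityReference -eq $adminAccount -and $_.RegistryRights -eq [System.Security.AccessControl.RegistryRights]::FullControl -and $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow }; if (-Not $adminFullControlExists) { Write-Host 'Granting full control to administrators.'; $fullControlRule = New-Object System.Security.AccessControl.RegistryAccessRule( $adminAccount, [System.Security.AccessControl.RegistryRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $acl.AddAccessRule($fullControlRule); $AclChanges.AddedRules += $fullControlRule; }; if ($acl.AreAccessRulesProtected) { $acl.SetAccessRuleProtection($false, $false); $AclChanges.InheritanceDisabled = $true; }; $denyRules = @($acl.Access.Where({ $_.AccessControlType -eq 'Deny' })); foreach ($denyRule in $denyRules) { Write-Host "^""Removing a deny rule for '$($denyRule.IdentityReference)'."^""; if ($acl.RemoveAccessRule($denyRule)) { $AclChanges.RemovedRules += $denyRule; } else { Write-Warning 'Failed to remove the rule.'; }; }; if (-Not (Test-AccessModified)) { Write-Host 'No access modifications were necessary.'; $subkey.Close(); } else { $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully applied new access rules.'; }; } catch { Write-Warning "^""Failed to modify access. Error: $($_.Exception.Message)"^""; }; }; function Revoke-Permissions { Write-Host "^""Restoring permissions: '$RawRegistryPath'."^""; if (-Not (Test-AccessModified)) { Write-Host 'Skipping revoking permissions, they were not granted.'; return; } else { try { $subkey = Open-RegistryKey -Rights ( [System.Security.AccessControl.RegistryRights]::TakeOwnership -bor [System.Security.AccessControl.RegistryRights]::ChangePermissions ); $acl = $subkey.GetAccessControl(); if ($AclChanges.PreviousOwner) { Write-Host 'Restoring owner.'; $acl.SetOwner($AclChanges.PreviousOwner); }; foreach ($rule in $AclChanges.AddedRules) { Write-Host "^""Removing rule for '$($rule.IdentityReference)'."^""; if (-Not $acl.RemoveAccessRule($rule)) { Write-Warning 'Failed to remove the rule.'; }; }; foreach ($rule in $AclChanges.RemovedRules) { $acl.AddAccessRule($rule); Write-Host "^""Adding a rule for '$($rule.IdentityReference)'."^""; }; if ($AclChanges.InheritanceDisabled) { $acl.SetAccessRuleProtection($true, $true); Write-Host 'Restoring inheritance.'; }; $subkey.SetAccessControl($acl); $subkey.Close(); Write-Host 'Successfully restored permissions.'; } catch { Write-Warning "^""Failed to restore permissions. Error: $($_.Exception.Message)"^""; }; }; }; $keyName = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice'; $valueName = 'ProgId'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; $expectedData = 'MSEdgeHTM'; $currentData = Get-ItemProperty -LiteralPath $path -Name $valueName | Select-Object -ExpandProperty $valueName; if ($currentData -ne $expectedData) { Write-Host "^""Skipping, no action needed, current data '$currentData' is not same as '$expectedData'."^""; Exit 0; }; Grant-Permissions; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; } finally { Revoke-Permissions }"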
:: ----------------------------------------------------------
 
 
:: Pause the script to view the final state
:: Waits for a key press, so an unattended run blocks here until someone responds
pause
:: Restore previous environment settings
:: Closes the setlocal EnableExtensions DisableDelayedExpansion scope opened at the start of the script
endlocal
:: Exit the script successfully
:: Always returns 0; the exit codes of the preceding PowerShell commands are not checked, so failures appear only as console output
exit /b 0