en-US
0409:00000409
en-US
en-US
en-US
true
VK7JG-NPHTM-C97JM-9MPGT-3V66T
true
1
cmd.exe /c ">>"X:\diskpart.txt" echo SELECT DISK=0"
2
cmd.exe /c ">>"X:\diskpart.txt" echo CLEAN"
3
cmd.exe /c ">>"X:\diskpart.txt" echo CONVERT GPT"
4
cmd.exe /c ">>"X:\diskpart.txt" echo CREATE PARTITION EFI SIZE=300"
5
cmd.exe /c ">>"X:\diskpart.txt" echo FORMAT QUICK FS=FAT32 LABEL="System""
6
cmd.exe /c ">>"X:\diskpart.txt" echo CREATE PARTITION MSR SIZE=128"
7
cmd.exe /c ">>"X:\diskpart.txt" echo CREATE PARTITION PRIMARY"
8
cmd.exe /c ">>"X:\diskpart.txt" echo FORMAT QUICK FS=NTFS LABEL="Recovery" SIZE=2000"
9
cmd.exe /c ">>"X:\diskpart.txt" echo SET ID="de94bba4-06d1-4d40-a16a-bfd50179d6ac""
10
cmd.exe /c ">>"X:\diskpart.txt" echo GPT ATTRIBUTES=0x8000000000000001"
11
cmd.exe /c ">>"X:\diskpart.txt" echo CREATE PARTITION PRIMARY SIZE=80000"
12
cmd.exe /c ">>"X:\diskpart.txt" echo FORMAT QUICK FS=NTFS LABEL="Windows""
13
cmd.exe /c ">>"X:\diskpart.txt" echo CREATE PARTITION PRIMARY"
14
cmd.exe /c ">>"X:\diskpart.txt" echo FORMAT QUICK FS=NTFS LABEL="Sweetcade""
15
cmd.exe /c ">>"X:\diskpart.log" diskpart.exe /s "X:\diskpart.txt""
16
cmd.exe /c ">>"X:\disable-defender.cmd" echo @ECHO OFF"
17
cmd.exe /c ">>"X:\disable-defender.cmd" echo SET file=C:\$Windows.~BT\NewOS\Windows\System32\config\SYSTEM"
18
cmd.exe /c ">>"X:\disable-defender.cmd" echo FOR /L ^%^%i IN (0) DO ("
19
cmd.exe /c ">>"X:\disable-defender.cmd" echo CALL :sleep"
20
cmd.exe /c ">>"X:\disable-defender.cmd" echo IF EXIST ^%file^% ("
21
cmd.exe /c ">>"X:\disable-defender.cmd" echo CALL :load"
22
cmd.exe /c ">>"X:\disable-defender.cmd" echo FOR ^%^%s IN (Sense WdBoot WdFilter WdNisDrv WdNisSvc WinDefend) DO reg.exe ADD HKLM\mount\ControlSet001\Services\^%^%s /v Start /t REG_DWORD /d 4 /f"
23
cmd.exe /c ">>"X:\disable-defender.cmd" echo reg.exe UNLOAD HKLM\mount"
24
cmd.exe /c ">>"X:\disable-defender.cmd" echo EXIT ) )"
25
cmd.exe /c ">>"X:\disable-defender.cmd" echo GOTO :eof"
26
cmd.exe /c ">>"X:\disable-defender.cmd" echo :load"
27
cmd.exe /c ">>"X:\disable-defender.cmd" echo reg.exe LOAD HKLM\mount ^%file^%"
28
cmd.exe /c ">>"X:\disable-defender.cmd" echo IF ^%errorlevel^% GTR 0 GOTO load"
29
cmd.exe /c ">>"X:\disable-defender.cmd" echo GOTO :eof"
30
cmd.exe /c ">>"X:\disable-defender.cmd" echo :sleep"
31
cmd.exe /c ">>"X:\disable-defender.cmd" echo ping.exe -n 1 127.0.0.1 ^> NUL"
32
cmd.exe /c ">>"X:\disable-defender.cmd" echo GOTO :eof"
33
cmd.exe /c "start /MIN X:\disable-defender.cmd"
1
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v BypassNRO /t REG_DWORD /d 1 /f
2
reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"
3
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Runonce" /v "UninstallCopilot" /t REG_SZ /d "powershell.exe -NoProfile -Command \"Get-AppxPackage -Name 'Microsoft.Windows.Ai.Copilot.Provider' | Remove-AppxPackage;\"" /f
4
reg.exe add "HKU\DefaultUser\Software\Policies\Microsoft\Windows\WindowsCopilot" /v TurnOffWindowsCopilot /t REG_DWORD /d 1 /f
5
reg.exe unload "HKU\DefaultUser"
6
reg.exe delete "HKLM\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\DevHomeUpdate" /f
7
reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"
8
reg.exe add "HKU\DefaultUser\Software\Microsoft\Notepad" /v ShowStoreBanner /t REG_DWORD /d 0 /f
9
reg.exe unload "HKU\DefaultUser"
10
cmd.exe /c "del "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk""
11
cmd.exe /c "del "C:\Windows\System32\OneDriveSetup.exe""
12
cmd.exe /c "del "C:\Windows\SysWOW64\OneDriveSetup.exe""
13
reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"
14
reg.exe delete "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Run" /v OneDriveSetup /f
15
reg.exe unload "HKU\DefaultUser"
16
reg.exe delete "HKLM\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\OutlookUpdate" /f
17
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications" /v ConfigureChatAutoInstall /t REG_DWORD /d 0 /f
18
powershell.exe -NoProfile -Command "$xml = [xml]::new(); $xml.Load('C:\Windows\Panther\unattend.xml'); $sb = [scriptblock]::Create( $xml.unattend.Extensions.ExtractScript ); Invoke-Command -ScriptBlock $sb -ArgumentList $xml;"
19
powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Temp\remove-packages.ps1' -Raw | Invoke-Expression;"
20
powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Temp\remove-caps.ps1' -Raw | Invoke-Expression;"
21
powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Temp\remove-features.ps1' -Raw | Invoke-Expression;"
22
reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Start" /v ConfigureStartPins /t REG_SZ /d "{ \"pinnedList\": [] }" /f
23
reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Start" /v ConfigureStartPins_ProviderSet /t REG_DWORD /d 1 /f
24
reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Start" /v ConfigureStartPins_WinningProvider /t REG_SZ /d B5292708-1619-419B-9923-E5D9F3925E71 /f
25
reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\providers\B5292708-1619-419B-9923-E5D9F3925E71\default\Device\Start" /v ConfigureStartPins /t REG_SZ /d "{ \"pinnedList\": [] }" /f
26
reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\providers\B5292708-1619-419B-9923-E5D9F3925E71\default\Device\Start" /v ConfigureStartPins_LastWrite /t REG_DWORD /d 1 /f
27
net.exe accounts /lockoutthreshold:0
28
net.exe accounts /maxpwage:UNLIMITED
29
regini.exe "%TEMP%\disable-defender.ini"
30
reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\FileSystem" /v LongPathsEnabled /t REG_DWORD /d 1 /f
31
powershell.exe -NoProfile -Command "Set-ExecutionPolicy -Scope 'LocalMachine' -ExecutionPolicy 'RemoteSigned' -Force;"
32
fsutil.exe behavior set disableLastAccess 1
33
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Dsh" /v AllowNewsAndInterests /t REG_DWORD /d 0 /f
34
reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"
35
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "ContentDeliveryAllowed" /t REG_DWORD /d 0 /f
36
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "FeatureManagementEnabled" /t REG_DWORD /d 0 /f
37
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "OEMPreInstalledAppsEnabled" /t REG_DWORD /d 0 /f
38
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEnabled" /t REG_DWORD /d 0 /f
39
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEverEnabled" /t REG_DWORD /d 0 /f
40
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d 0 /f
41
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SoftLandingEnabled" /t REG_DWORD /d 0 /f
42
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContentEnabled" /t REG_DWORD /d 0 /f
43
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f
44
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338387Enabled" /t REG_DWORD /d 0 /f
45
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338388Enabled" /t REG_DWORD /d 0 /f
46
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338389Enabled" /t REG_DWORD /d 0 /f
47
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t REG_DWORD /d 0 /f
48
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353698Enabled" /t REG_DWORD /d 0 /f
49
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d 0 /f
50
reg.exe unload "HKU\DefaultUser"
51
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 0 /f
0409:00000409
en-US
en-US
en-US
Sweetcade
Administrators
true
Sweetcade
true
1
true
3
true
true
1
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 0 /f
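# Extraction script embedded in the answer file: writes the text of every
# <File> element under unattend/Extensions to the location named by that
# element's 'path' attribute.
#
# Parameters:
#   $Document - the parsed answer file (an [xml] document).
#
# NOTE(review): the destination path is taken from the answer file as-is and is
# not restricted to any directory. Whoever can edit the answer file therefore
# decides which files are written, in whatever security context Setup runs this
# script. Treat the answer file and the installation media as trusted input and
# protect their integrity accordingly.
param(
    [xml] $Document
);

$scriptsDir = 'C:\Windows\Setup\Scripts\';

foreach( $file in $Document.unattend.Extensions.File ) {
    # The 'path' attribute may contain %VARIABLE% references; expand them first.
    $path = [System.Environment]::ExpandEnvironmentVariables(
        $file.GetAttribute( 'path' )
    );

    # Only the Setup\Scripts directory is created on demand; any other target
    # directory is expected to exist already.
    # Windows paths are case-insensitive, and an expanded variable may produce a
    # different casing (for example 'C:\WINDOWS\...'), so the prefix is compared
    # with an ordinal, case-insensitive match instead of the culture-sensitive,
    # case-sensitive default of String.StartsWith.
    if( $path.StartsWith( $scriptsDir, [System.StringComparison]::OrdinalIgnoreCase ) ) {
        mkdir -Path $scriptsDir -ErrorAction 'SilentlyContinue';
    }

    # Pick the on-disk encoding from the file extension:
    #   .ps1 / .xml        -> UTF-8
    #   .reg / .vbs / .js  -> UTF-16 little-endian with byte-order mark
    #   anything else      -> the platform default encoding
    $encoding = switch( [System.IO.Path]::GetExtension( $path ) ) {
        { $_ -in '.ps1', '.xml' } { [System.Text.Encoding]::UTF8; }
        { $_ -in '.reg', '.vbs', '.js' } { [System.Text.UnicodeEncoding]::new( $false, $true ); }
        default { [System.Text.Encoding]::Default; }
    };

    # The encoding's preamble (if it has one) is written ahead of the trimmed
    # element text. An existing file at $path is overwritten.
    [System.IO.File]::WriteAllBytes( $path, ( $encoding.GetPreamble() + $encoding.GetBytes( $file.InnerText.Trim() ) ) );
}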
# Removes provisioned Appx packages from the running (online) Windows image.
# For every name in $selectors the script looks for a provisioned package with
# that DisplayName, removes it if present, and appends one compact JSON record
# describing the outcome to C:\Windows\Temp\remove-packages.log.
#
# NOTE(review): the list below decides which built-in apps are absent from the
# installed system; review each entry against what the deployed machines need
# before reusing this script.

# Package display names to remove (matched exactly against DisplayName).
$selectors = @(
'Microsoft.Microsoft3DViewer';
'Microsoft.BingSearch';
'Microsoft.WindowsCalculator';
'Microsoft.WindowsCamera';
'Clipchamp.Clipchamp';
'Microsoft.WindowsAlarms';
'Microsoft.549981C3F5F10';
'Microsoft.Windows.DevHome';
'MicrosoftCorporationII.MicrosoftFamily';
'Microsoft.WindowsFeedbackHub';
'Microsoft.GetHelp';
'Microsoft.Getstarted';
'microsoft.windowscommunicationsapps';
'Microsoft.WindowsMaps';
'Microsoft.BingNews';
'Microsoft.WindowsNotepad';
'Microsoft.MicrosoftOfficeHub';
'Microsoft.Office.OneNote';
'Microsoft.OutlookForWindows';
'Microsoft.Paint';
'Microsoft.MSPaint';
'Microsoft.People';
'Microsoft.Windows.Photos';
'Microsoft.PowerAutomateDesktop';
'MicrosoftCorporationII.QuickAssist';
'Microsoft.SkypeApp';
'Microsoft.ScreenSketch';
'Microsoft.MicrosoftSolitaireCollection';
'Microsoft.MicrosoftStickyNotes';
'MSTeams';
'Microsoft.Todos';
'Microsoft.WindowsSoundRecorder';
'Microsoft.BingWeather';
'Microsoft.WindowsTerminal';
'Microsoft.Xbox.TCUI';
'Microsoft.XboxApp';
'Microsoft.XboxGameOverlay';
'Microsoft.XboxGamingOverlay';
'Microsoft.XboxIdentityProvider';
'Microsoft.XboxSpeechToTextOverlay';
'Microsoft.GamingApp';
'Microsoft.YourPhone';
'Microsoft.ZuneMusic';
'Microsoft.ZuneVideo';
);
# Lists every provisioned package of the online image.
$getCommand = { Get-AppxProvisionedPackage -Online; };
# Filter for Where-Object. $selector is not a parameter: it is the loop
# variable of the foreach further down and is read when the filter runs.
$filterCommand = { $_.DisplayName -eq $selector; };
# Pipeline-aware script block that removes each package it receives.
# -ErrorAction 'Continue' reports a failed removal as an error without
# stopping the script.
$removeCommand = {
[CmdletBinding()]
param(
[Parameter( Mandatory, ValueFromPipeline )]
$InputObject
);
process {
$InputObject | Remove-AppxProvisionedPackage -AllUsers -Online -ErrorAction 'Continue';
}
};
# Label used in the log messages.
$type = 'Package';
$logfile = 'C:\Windows\Temp\remove-packages.log';
& {
# Query the image once and reuse the result for every selector.
$installed = & $getCommand;
foreach( $selector in $selectors ) {
# One ordered record per selector; it becomes one JSON line in the log.
$result = [ordered] @{
Selector = $selector;
};
$found = $installed | Where-Object -FilterScript $filterCommand;
if( $found ) {
$result.Output = $found | & $removeCommand;
# $? must be read directly after the removal pipeline; any statement in
# between would overwrite it.
if( $? ) {
$result.Message = "$type removed.";
} else {
$result.Message = "$type not removed.";
# NOTE(review): $Error[0] is the most recent error of the session; it is
# assumed to be the one raised by the removal above.
$result.Error = $Error[0];
}
} else {
$result.Message = "$type not installed.";
}
$result | ConvertTo-Json -Depth 3 -Compress;
}
# Merge all output streams into the success stream and append to the log.
} *>&1 >> $logfile;
# Removes Windows capabilities from the running (online) Windows image.
# For every name in $selectors the script looks for a capability whose Name,
# cut at the first '~', equals the selector, removes it if present, and appends
# one compact JSON record describing the outcome to
# C:\Windows\Temp\remove-caps.log.
#
# NOTE(review): the list includes administrative tooling such as
# 'OpenSSH.Client' and 'Microsoft.Windows.PowerShell.ISE'; confirm that every
# entry is meant to be absent from the installed system before reusing it.

# Capability names to remove (the part of Name before the first '~').
$selectors = @(
'Browser.InternetExplorer';
'MathRecognizer';
'Microsoft.Windows.Notepad';
'OpenSSH.Client';
'Microsoft.Windows.MSPaint';
'Microsoft.Windows.PowerShell.ISE';
'App.Support.QuickAssist';
'Microsoft.Windows.SnippingTool';
'App.StepsRecorder';
'Media.WindowsMediaPlayer';
'Microsoft.Windows.WordPad';
);
# Lists every capability known to the online image.
$getCommand = { Get-WindowsCapability -Online; };
# Filter for Where-Object. Only the text before the first '~' of Name is
# compared. $selector is not a parameter: it is the loop variable of the
# foreach further down and is read when the filter runs.
$filterCommand = { ($_.Name -split '~')[0] -eq $selector; };
# Pipeline-aware script block that removes each capability it receives.
# -ErrorAction 'Continue' reports a failed removal as an error without
# stopping the script.
$removeCommand = {
[CmdletBinding()]
param(
[Parameter( Mandatory, ValueFromPipeline )]
$InputObject
);
process {
$InputObject | Remove-WindowsCapability -Online -ErrorAction 'Continue';
}
};
# Label used in the log messages.
$type = 'Capability';
$logfile = 'C:\Windows\Temp\remove-caps.log';
& {
# Query the image once and reuse the result for every selector.
$installed = & $getCommand;
foreach( $selector in $selectors ) {
# One ordered record per selector; it becomes one JSON line in the log.
$result = [ordered] @{
Selector = $selector;
};
$found = $installed | Where-Object -FilterScript $filterCommand;
if( $found ) {
$result.Output = $found | & $removeCommand;
# $? must be read directly after the removal pipeline; any statement in
# between would overwrite it.
if( $? ) {
$result.Message = "$type removed.";
} else {
$result.Message = "$type not removed.";
# NOTE(review): $Error[0] is the most recent error of the session; it is
# assumed to be the one raised by the removal above.
$result.Error = $Error[0];
}
} else {
$result.Message = "$type not installed.";
}
$result | ConvertTo-Json -Depth 3 -Compress;
}
# Merge all output streams into the success stream and append to the log.
} *>&1 >> $logfile;
# Disables and removes Windows optional features from the running (online)
# Windows image. For every name in $selectors the script looks for an optional
# feature with that FeatureName, disables it if present, and appends one
# compact JSON record describing the outcome to
# C:\Windows\Temp\remove-features.log.

# Feature names to remove (matched exactly against FeatureName).
$selectors = @(
'Microsoft-SnippingTool';
);
# Lists every optional feature of the online image.
$getCommand = { Get-WindowsOptionalFeature -Online; };
# Filter for Where-Object. $selector is not a parameter: it is the loop
# variable of the foreach further down and is read when the filter runs.
$filterCommand = { $_.FeatureName -eq $selector; };
# Pipeline-aware script block that disables each feature it receives.
# -NoRestart is passed so the cmdlet does not reboot the machine itself;
# -ErrorAction 'Continue' reports a failure as an error without stopping the
# script.
$removeCommand = {
[CmdletBinding()]
param(
[Parameter( Mandatory, ValueFromPipeline )]
$InputObject
);
process {
$InputObject | Disable-WindowsOptionalFeature -Online -Remove -NoRestart -ErrorAction 'Continue';
}
};
# Label used in the log messages.
$type = 'Feature';
$logfile = 'C:\Windows\Temp\remove-features.log';
& {
# Query the image once and reuse the result for every selector.
$installed = & $getCommand;
foreach( $selector in $selectors ) {
# One ordered record per selector; it becomes one JSON line in the log.
$result = [ordered] @{
Selector = $selector;
};
$found = $installed | Where-Object -FilterScript $filterCommand;
if( $found ) {
$result.Output = $found | & $removeCommand;
# $? must be read directly after the removal pipeline; any statement in
# between would overwrite it.
if( $? ) {
$result.Message = "$type removed.";
} else {
$result.Message = "$type not removed.";
# NOTE(review): $Error[0] is the most recent error of the session; it is
# assumed to be the one raised by the removal above.
$result.Error = $Error[0];
}
} else {
$result.Message = "$type not installed.";
}
$result | ConvertTo-Json -Depth 3 -Compress;
}
# Merge all output streams into the success stream and append to the log.
} *>&1 >> $logfile;
]]>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense
"Start" = REG_DWORD 4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot
"Start" = REG_DWORD 4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter
"Start" = REG_DWORD 4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv
"Start" = REG_DWORD 4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc
"Start" = REG_DWORD 4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
"Start" = REG_DWORD 4