
General Improvements

review
Joe 1 year ago
parent
commit
ee65c1788e
19 changed files with 415 additions and 148 deletions
  1. +12
    -11
      21H1-22H2_PB/Configuration/custom.yml
  2. +31
    -0
      21H1-22H2_PB/Configuration/features/base/components.yml
  3. +149
    -94
      21H1-22H2_PB/Configuration/features/base/files.yml
  4. +103
    -28
      21H1-22H2_PB/Configuration/features/base/services.yml
  5. +79
    -0
      21H1-22H2_PB/Configuration/features/base/servicesOld.yml
  6. +1
    -1
      21H1-22H2_PB/Executables/APPX.bat
  7. +2
    -2
      21H1-22H2_PB/Executables/CHOC.bat
  8. +2
    -1
      21H1-22H2_PB/Executables/DNET.bat
  9. +3
    -1
      21H1-22H2_PB/Executables/FIREFOXCONF.bat
  10. +20
    -5
      21H1-22H2_PB/Executables/REGI.bat
  11. +1
    -0
      21H1-22H2_PB/Executables/SHRT.bat
  12. +10
    -3
      21H1-22H2_PB/Executables/SLNT.bat
  13. +1
    -1
      21H1-22H2_PB/Executables/UI.bat
  14. BIN
      21H1-22H2_PB/Executables/UsrClass.dat
  15. +1
    -1
      21H1-22H2_PB/Executables/WALLPAPER.bat
  16. BIN
      Shared_PB/Executables/AME-Firefox-Injection/3647222921wleabcEoxlt-eengsairo.sqlite
  17. BIN
      Shared_PB/Executables/Fluent-AME.skin7
  18. BIN
      Shared_PB/Executables/ame-assassin/ame-assassin.exe
  19. BIN
      Shared_PB/Executables/microsoft-windows-netfx3-ondemand-package~31bf3856ad364e35~amd64~~.cab

+ 12
- 11
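--- a/21H1-22H2_PB/Configuration/custom.yml
+++ b/21H1-22H2_PB/Configuration/custom.yml
@@ -4,14 +4,15 @@ description: Custom AME configuration
 privilege: Admin
 actions: []
 features:
-- features/base/base.yml
-- features/base/components.yml
-- features/base/files.yml
-- features/base/login.yml
-- features/base/shortcuts.yml
-- features/base/silent.yml
-- features/base/wallpaper.yml
-- features/base/permission.yml
-- features/base/admin.yml
-- features/base/windowsterminal.yml
-- features/base/choco.yml
+- features\base\base.yml
+- features\base\components.yml
+- features\base\services.yml
+- features\base\files.yml
+- features\base\login.yml
+- features\base\shortcuts.yml
+- features\base\silent.yml
+- features\base\permission.yml
+- features\base\admin.yml
+- features\base\windowsterminal.yml
+- features\base\choco.yml
+- features\base\wallpaper.yml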
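Review bot: The order of the `features:` entries now carries a dependency that nothing in the file states: `features\base\services.yml` is inserted ahead of `features\base\files.yml`, and in this commit services.yml deletes service registrations (for example `wlidsvc`) whose binaries files.yml then removes (`wlidsvc.dll`). Assuming features run in list order, a comment above the list such as `# services.yml must stay ahead of files.yml: services are unregistered before their binaries are deleted` would keep a later reorder from leaving registered services that point at missing files. The hunk starts at line 4 of the file, so anything above it that also depends on this order is not visible here.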

+ 31
- 0
21H1-22H2_PB/Configuration/features/base/components.yml

@ -2,6 +2,26 @@ title: Components
description: Remove certain windows components
privilege: TrustedInstaller
actions:
- !taskkill:
name: "MicrosoftEdgeUpdate"
- !taskkill:
name: "msedge"
- !taskkill:
name: "MicrosoftEdge*"
- !taskkill:
name: "setup"
pathContains: "\\Edge"
- !taskkill:
name: "msedgewebview2"
- !service:
name: "edgeupdate"
operation: delete
- !service:
name: "edgeupdatem"
operation: delete
- !service:
name: "MicrosoftEdgeElevationService"
operation: delete
- !run:
exeDir: true
exe: "EDGE.bat"
@ -10,6 +30,17 @@ actions:
exeDir: true
exe: "EDGEX.bat"
weight: 10
- !taskkill:
name: "OneDriveStandaloneUpdater"
- !taskkill:
name: "OneDriveSetup"
- !taskkill:
name: "OneDrive*"
- !service:
name: "OneSyncSvc*"
operation: delete
- !taskkill:
name: "explorer"
- !run:
exeDir: true
exe: "ONED.bat"
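Review bot: The `!taskkill` entry `name: "setup"` with `pathContains: "\\Edge"` in the first hunk is a loose match for an action that runs under `privilege: TrustedInstaller`: any process named setup whose path contains `\Edge` qualifies, which (assuming `pathContains` is a plain substring test) would include an unrelated installer that happens to live under a directory such as `\EdgeTools`. Narrowing the filter to the vendor directory, for example `pathContains: "\\Microsoft\\Edge"`, keeps the kill scoped to the Edge installer. The wildcard entries `"MicrosoftEdge*"`, `"OneDrive*"` and `"OneSyncSvc*"` would each benefit from a short comment naming the processes and per-user service instances they are meant to cover.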


+ 149
- 94
21H1-22H2_PB/Configuration/features/base/files.yml

@ -2,77 +2,77 @@ title: Files
description: delete files
privilege: TrustedInstaller
actions:
- !run:
exeDir: true
exe: "SERV.bat"
- !cmd:
command: "taskkill /f /im explorer.exe"
- !cmd:
command: "taskkill /f /im msedge.exe"
# - !run:
# exeDir: true
# exe: "SERV.bat"
- !taskkill:
name: "explorer"
- !taskkill:
name: "msedge"
- !task:
path: "\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\Application Experience\\Microsoft Compatibility Appraiser"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\Application Experience\\StartupAppTask"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\Clip\\License Validation"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\HelloFace\\FODCleanupTask"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\Maps\\MapsToastTask"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\Maps\\MapsUpdateTask"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\UpdateOrchestrator\\Schedule Scan"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\UpdateOrchestrator\\Schedule Scan Static Task"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\UpdateOrchestrator\\UpdateModelTask"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\UpdateOrchestrator\\USO_UxBroker"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\Windows Defender\\Windows Defender Cache Maintenance"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\Windows Defender\\Windows Defender Cleanup"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\Windows Defender\\Windows Defender Scheduled Scan"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\Windows Defender\\Windows Defender Verification"
state: absent
operation: delete
- !task:
path: "\\Microsoft\\Windows\\WindowsUpdate\\Scheduled Start"
state: absent
operation: delete
- !taskkill:
name: "NisSrv"
- !taskkill:
name: "MicrosoftEdgeUpdate"
name: "SecurityHealthHost"
- !taskkill:
name: "SecurityHealthService"
- !taskkill:
@ -99,6 +99,32 @@ actions:
path: "%windir%\\System32\\SecurityHealthSSO.dll"
- !file:
path: "%windir%\\System32\\smartscreenps.dll"
- !file:
path: "%windir%\\System32\\wlidsvc.dll"
- !file:
path: "%windir%\\System32\\WpcDesktopMonSvc.dll"
- !file:
path: "%windir%\\System32\\flightsettings.dll"
- !file:
path: "%windir%\\System32\\drivers\\cldflt.sys"
- !file:
path: "%windir%\\System32\\WebThreatDefSvc"
- !file:
path: "%windir%\\System32\\webthreatdefsvc.dll"
- !file:
path: "%windir%\\System32\\en-US\\webthreatdefsvc.dll.mui"
- !file:
path: "%windir%\\System32\\webthreatdefusersvc.dll"
- !file:
path: "%windir%\\System32\\en-US\\webthreatdefusersvc.dll.mui"
- !file:
path: "%windir%\\System32\\AgentService.exe"
- !file:
path: "%windir%\\System32\\InstallService.dll"
- !file:
path: "%windir%\\System32\\cloudidsvc.dll"
- !file:
path: "%windir%\\System32\\devicecensus.exe"
- !file:
path: "%ProgramFiles(x86)%\\Windows Media Player"
- !file:
@ -115,6 +141,12 @@ actions:
path: "%windir%\\System32\\SecurityHealthHost.exe"
- !file:
path: "%windir%\\System32\\SecurityHealthAgent.dll"
- !file:
path: "%windir%\\System32\\SecurityHealthCore.dll"
- !file:
path: "%windir%\\System32\\SecurityHealthProxyStub.dll"
- !file:
path: "%windir%\\System32\\SecurityHealthUdk.dll"
- !file:
path: "%windir%\\System32\\wscsvc.dll"
- !file:
@ -126,6 +158,8 @@ actions:
- !file:
path: "%ProgramFiles(x86)%\\Windows Defender"
weight: 10
- !file:
path: "%windir%\\System32\\drivers\\WdNisDrv.sys"
- !file:
path: "%ProgramData%\\Microsoft OneDrive"
- !file:
@ -155,9 +189,11 @@ actions:
- !file:
path: "%ProgramW6432%\\Windows Defender Advanced Threat Protection"
- !file:
path: "C:\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection"
path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows Defender Advanced Threat Protection"
- !file:
path: "%windir%\\System32\\MoNotificationUx.exe"
- !file:
path: "%windir%\\System32\\MoNotificationUxStub.exe"
- !file:
path: "%windir%\\System32\\MusNotifyIcon.exe"
- !file:
@ -172,8 +208,17 @@ actions:
path: "%windir%\\System32\\MusUxToastHandler.dll"
- !file:
path: "%windir%\\UUS"
# - !file:
# path: "%windir%\\SoftwareDistribution"
- !service:
name: "bits"
operation: stop
- !service:
name: "appidsvc"
operation: stop
- !service:
name: "cryptsvc"
operation: stop
- !file:
path: "%windir%\\SoftwareDistribution"
- !file:
path: "%windir%\\System32\\OOBE"
# - !file:
@ -210,15 +255,15 @@ actions:
- !file:
path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1"
- !file:
path: "C:\\ProgramData\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl"
path: "%SystemDrive%\\ProgramData\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl"
- !file:
path: "C:\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl"
path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl"
- !file:
path: "%windir%\\System32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement\\MSFT_AutologgerConfig_v1.0.cdxml"
- !file:
path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement\\MSFT_AutologgerConfig_v1.0.cdxml"
- !file:
path: "C:\\Documents and Settings\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl"
path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl"
- !file:
path: "%windir%\\System32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement\\MSFT_AutologgerConfig_v1.0.format.ps1xml"
- !file:
@ -231,26 +276,34 @@ actions:
path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Provisioning\\provautologger_add.reg"
- !file:
path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Provisioning\\provautologger_del.reg"
- !file:
path: "%windir%\\System32\\OneDriveSetup.exe"
- !file:
path: "%windir%\\SysWOW64\\OneDriveSetup.exe"
- !file:
path: "%windir%\\SysWOW64\\OneDriveSettingSyncProvider.dll"
- !file:
path: "%SystemDrive%\\OneDriveTemp"
- !file:
path: "%windir%\\System32\\IESettingSync.exe"
- !file:
path: "%windir%\\System32\\gamepanel.exe"
#- !file:
# path: "%windir%\\System32\\ClipSVC.dll"
#- !file:
# path: "%windir%\\System32\\en-US\\clipsvc.dll.mui"
- !file:
path: "C:\\ProgramData\\Microsoft\\Windows\\ClipSVC\\tokens.dat"
path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows\\ClipSVC\\tokens.dat"
- !file:
path: "C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\tokens.dat"
path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\tokens.dat"
- !file:
path: "C:\\Documents and Settings\\All Users\\Microsoft\\Windows\\ClipSVC\\tokens.dat"
path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Windows\\ClipSVC\\tokens.dat"
- !file:
path: "C:\\ProgramData\\Microsoft\\Windows\\ClipSVC"
path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows\\ClipSVC"
- !file:
path: "C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC"
path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Windows\\ClipSVC"
- !file:
path: "C:\\Documents and Settings\\All Users\\Microsoft\\Windows\\ClipSVC"
path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Windows\\ClipSVC"
- !file:
path: "%windir%\\System32\\ClipUp.exe"
- !file:
@ -352,17 +405,17 @@ actions:
- !file:
path: "%windir%\\DiagTrack\\Settings\\telemetry.ASM-WindowsDefault.json"
- !file:
path: "C:\\ProgramData\\Microsoft\\Diagnosis\\ETLLogs\\ShutdownLogger\\Diagtrack-Listener.etl"
path: "%SystemDrive%\\ProgramData\\Microsoft\\Diagnosis\\ETLLogs\\ShutdownLogger\\Diagtrack-Listener.etl"
- !file:
path: "C:\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\ShutdownLogger\\Diagtrack-Listener.etl"
path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\ShutdownLogger\\Diagtrack-Listener.etl"
- !file:
path: "C:\\ProgramData\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl"
path: "%SystemDrive%\\ProgramData\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl"
- !file:
path: "C:\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl"
path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl"
- !file:
path: "C:\\Documents and Settings\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\ShutdownLogger\\Diagtrack-Listener.etl"
path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\ShutdownLogger\\Diagtrack-Listener.etl"
- !file:
path: "C:\\Documents and Settings\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl"
path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\Autologger\\AutoLogger-Diagtrack-Listener.etl"
- !file:
path: "%windir%\\System32\\dmclient.exe"
- !file:
@ -446,47 +499,47 @@ actions:
- !file:
path: "%windir%\\System32\\MoUsoCoreWorker.exe"
- !file:
path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl"
path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl"
- !file:
path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl"
path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl"
- !file:
path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl"
path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl"
- !file:
path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl"
path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl"
- !file:
path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl"
path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl"
- !file:
path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl"
path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl"
- !file:
path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl"
path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl"
- !file:
path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl"
path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl"
- !file:
path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl"
path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl"
- !file:
path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl"
path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl"
- !file:
path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl"
path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl"
- !file:
path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl"
path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl"
- !file:
path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl"
path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl"
- !file:
path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl"
path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl"
- !file:
path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl"
path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl"
- !file:
path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl"
path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl"
- !file:
path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl"
path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl"
- !file:
path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl"
path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl"
- !file:
path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl"
path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl"
- !file:
path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl"
path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl"
- !file:
path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl"
path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl"
- !file:
path: "%windir%\\Prefetch\\MOUSOCOREWORKER.EXE-681A8FEE.pf"
- !file:
@ -494,47 +547,47 @@ actions:
- !file:
path: "%windir%\\System32\\MoUsoCoreWorker.exe"
- !file:
path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl"
path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl"
- !file:
path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl"
path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl"
- !file:
path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl"
path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl"
- !file:
path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl"
path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl"
- !file:
path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl"
path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl"
- !file:
path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl"
path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl"
- !file:
path: "C:\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl"
path: "%SystemDrive%\\ProgramData\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl"
- !file:
path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl"
path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl"
- !file:
path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl"
path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl"
- !file:
path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl"
path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl"
- !file:
path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl"
path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl"
- !file:
path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl"
path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl"
- !file:
path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl"
path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl"
- !file:
path: "C:\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl"
path: "%SystemDrive%\\Users\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl"
- !file:
path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl"
path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.2bdb351a-82b4-4f2c-bc55-ec328ca677be.1.etl"
- !file:
path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl"
path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.4a695923-0852-4c25-9999-60bc09954fbe.1.etl"
- !file:
path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl"
path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.5e2840a3-5955-481c-83b8-ddd64cdaa7ae.1.etl"
- !file:
path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl"
path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.761c6d23-f36c-46be-bf3f-26ba35c4dcca.1.etl"
- !file:
path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl"
path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.80c59111-3f67-46a5-9fd1-379f4b7c2f7d.1.etl"
- !file:
path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl"
path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.86ba5ad4-3ec9-43cf-997e-568832e6e2b8.1.etl"
- !file:
path: "C:\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl"
path: "%SystemDrive%\\Documents and Settings\\All Users\\USOShared\\Logs\\System\\MoUsoCoreWorker.ab8bb825-292c-450d-ac06-03e39e89d684.1.etl"
- !file:
path: "%windir%\\Prefetch\\MOUSOCOREWORKER.EXE-681A8FEE.pf"
- !file:
@ -576,9 +629,9 @@ actions:
- !file:
path: "%windir%\\System32\\Tasks\\Microsoft\\Windows\\WaaSMedic\\PerformRemediation"
- !file:
path: "C:\\ProgramData\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe.xml"
path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe.xml"
- !file:
path: "C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe.xml"
path: "%SystemDrive%\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe.xml"
- !file:
path: "%ProgramW6432%\\WindowsApps\\DeletedAllUserPackages\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\\resources.pri"
- !file:
@ -588,7 +641,7 @@ actions:
- !file:
path: "%ProgramW6432%\\WindowsApps\\DeletedAllUserPackages\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\\AppxSignature.p7x"
- !file:
path: "C:\\Documents and Settings\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe.xml"
path: "%SystemDrive%\\Documents and Settings\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe.xml"
- !file:
path: "%ProgramW6432%\\WindowsApps\\DeletedAllUserPackages\\Microsoft.WindowsMaps*"
- !file:
@ -670,13 +723,13 @@ actions:
- !file:
path: "%windir%\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\WindowsUpdate\\WindowsUpdateLog.psm1"
- !file:
path: "C:\\Users\\Public\\Desktop\\Microsoft Edge.lnk"
path: "%SystemDrive%\\Users\\Public\\Desktop\\Microsoft Edge.lnk"
- !file:
path: "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Edge.lnk"
path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Edge.lnk"
- !file:
path: "%APPDATA%\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk"
- !file:
path: "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\PC Health Check.lnk"
path: "%SystemDrive%\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\PC Health Check.lnk"
- !file:
path: "%windir%\\System32\\wsqmcons.exe"
- !file:
@ -711,5 +764,7 @@ actions:
path: "%windir%\\System32\\wups2.dll"
- !file:
path: "%windir%\\System32\\wuaueng.dll"
- !file:
path: "%windir%\\System32\\MRT.exe"
- !file:
path: "%windir%\\System32\\calc.exe"
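Review bot: The hunks that replace `C:\\` with `%SystemDrive%\\` still spell the same directory three ways: `%SystemDrive%\\ProgramData\\…`, `%SystemDrive%\\Users\\All Users\\…` and `%SystemDrive%\\Documents and Settings\\All Users\\…` are the real folder plus the two legacy links Windows keeps to it, so each ClipSVC, Diagtrack and USOShared target is listed up to three times for an action that runs as TrustedInstaller. The file already uses `%ProgramData%` (the `Microsoft OneDrive` entry), so one entry per target, e.g. `path: "%ProgramData%\\Microsoft\\Windows\\ClipSVC\\tokens.dat"`, would say the same thing and also hold when ProgramData is relocated. The MoUsoCoreWorker ETL list is present in two hunks (`-446` and `-494`) with identical paths, which looks like a duplicated block in the file. Separately, `description: delete files` does not tell a reader that this file removes the Defender, SecurityHealth, web-threat-defense and Windows Update binaries; a description that says so would let someone auditing a deployed image find out why those protections are absent.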

+ 103
- 28
21H1-22H2_PB/Configuration/features/base/services.yml

@ -1,79 +1,154 @@
title: services
description: services
privilege: Admin
privilege: TrustedInstaller
actions:
- !registry:
path: "HKLM\\System\\CurrentControlSet\\Services\\WdNisDrv"
operation: delete
- !registry:
path: "HKLM\\System\\CurrentControlSet001\\Services\\WdNisDrv"
operation: delete
- !registry:
path: "HKLM\\System\\CurrentControlSet\\Services\\WdNisSvc"
operation: delete
- !registry:
path: "HKLM\\System\\CurrentControlSet001\\Services\\WdNisSvc"
operation: delete
- !taskkill:
name: "devicecensus"
- !taskkill:
name: "UsoClient"
- !taskkill:
name: "devicecensus"
- !taskkill:
name: "MoUsoCoreWorker"
- !taskkill:
name: "wuauclt"
- !service:
name: "UsoSvc"
operation: delete
- !service:
name: "WaaSMedicSvc"
operation: delete
- !service:
name: "wuauserv"
operation: delete
- !service:
name: "WpcMonSvc"
operation: delete
- !service:
name: "WMPNetworkSvc"
operation: delete
- !service:
name: "StorSvc"
operation: delete
- !service:
name: "wisvc"
operation: delete
- !service:
name: "CldFlt"
operation: delete
device: true
- !service:
name: "Sense"
operation: delete
- !service:
name: "webthreatdefusersvc*"
operation: delete
- !service:
name: "webthreatdefsvc"
operation: delete
- !service:
name: "UevAgentService"
operation: delete
- !service:
name: "cloudidsvc"
operation: delete
- !taskkill:
name: "SecurityHealthSystray"
- !taskkill:
name: "SecurityHealthService"
- !service:
name: "SecurityHealthService"
operation: delete
- !service:
name: "wscsvc"
operation: delete
- !service:
name: "UsoSvc"
operation: delete
- !service:
name: "BITS"
operation: stop
- !service:
name: "DoSvc"
state: stop
operation: delete
- !service:
name: "iphlpsvc"
state: stop
operation: stop
- !service:
name: "Winmgmt"
state: stop
operation: stop
- !service:
name: "ClipSVC"
state: stop
operation: stop
- !service:
name: "DiagTrack"
state: stop
operation: delete
- !service:
name: "RetailDemo"
state: stop
operation: stop
- !service:
name: "diagnosticshub.standardcollector.service"
state: stop
operation: stop
- !service:
name: "dmwappushservice"
state: stop
operation: stop
- !service:
name: "InstallService"
state: stop
operation: delete
- !service:
name: "LicenseManager"
state: stop
operation: stop
- !service:
name: "lfsvc"
state: stop
operation: stop
- !service:
name: "MapsBroker"
state: stop
operation: stop
- !service:
name: "NetTcpPortSharing"
state: stop
operation: stop
- !service:
name: "RemoteAccess"
state: stop
operation: stop
- !service:
name: "RemoteRegistry"
state: stop
operation: stop
- !service:
name: "SharedAccess"
state: stop
operation: stop
- !service:
name: "StorSvc"
state: stop
operation: delete
- !service:
name: "TrkWks"
state: stop
- !service:
name: "UsoSvc"
state: stop
operation: stop
- !service:
name: "WbioSrvc"
state: stop
operation: stop
- !service:
name: "WMPNetworkSvc"
state: stop
operation: delete
- !service:
name: "XblAuthManager"
state: stop
operation: stop
- !service:
name: "XblGameSave"
state: stop
operation: stop
- !service:
name: "XboxNetApiSvc"
state: stop
operation: stop
- !service:
name: "wlidsvc"
state: stop
operation: delete
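Review bot: The two `!registry` deletes under `HKLM\\System\\CurrentControlSet001\\Services\\…` name a key Windows does not have: the numbered control sets are called `ControlSet001`, `ControlSet002` and so on, and `CurrentControlSet` is the link to whichever one is active. As written those two actions match nothing, so either drop them or spell the key `HKLM\\System\\ControlSet001\\Services\\WdNisDrv` (and the same for `WdNisSvc`). The list also appears to repeat entries: `devicecensus` is killed twice, and `UsoSvc`, `StorSvc` and `WMPNetworkSvc` each show a `delete` in two places. With the +/- markers lost on this page I cannot be sure which of those repeats are on the new side.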

+ 79
- 0
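--- a/21H1-22H2_PB/Configuration/features/base/servicesOld.yml
+++ b/21H1-22H2_PB/Configuration/features/base/servicesOld.yml
@@ -0,0 +1,79 @@
+title: services
+description: services
+privilege: Admin
+actions:
+- !service:
+name: "DoSvc"
+operation: stop
+- !service:
+name: "iphlpsvc"
+operation: stop
+- !service:
+name: "Winmgmt"
+operation: stop
+- !service:
+name: "ClipSVC"
+operation: stop
+- !service:
+name: "DiagTrack"
+operation: stop
+- !service:
+name: "RetailDemo"
+operation: stop
+- !service:
+name: "diagnosticshub.standardcollector.service"
+operation: stop
+- !service:
+name: "dmwappushservice"
+operation: stop
+- !service:
+name: "InstallService"
+operation: stop
+- !service:
+name: "LicenseManager"
+operation: stop
+- !service:
+name: "lfsvc"
+operation: stop
+- !service:
+name: "MapsBroker"
+operation: stop
+- !service:
+name: "NetTcpPortSharing"
+operation: stop
+- !service:
+name: "RemoteAccess"
+operation: stop
+- !service:
+name: "RemoteRegistry"
+operation: stop
+- !service:
+name: "SharedAccess"
+operation: stop
+- !service:
+name: "StorSvc"
+operation: stop
+- !service:
+name: "TrkWks"
+operation: stop
+- !service:
+name: "UsoSvc"
+operation: stop
+- !service:
+name: "WbioSrvc"
+operation: stop
+- !service:
+name: "WMPNetworkSvc"
+operation: stop
+- !service:
+name: "XblAuthManager"
+operation: stop
+- !service:
+name: "XblGameSave"
+operation: stop
+- !service:
+name: "XboxNetApiSvc"
+operation: stop
+- !service:
+name: "wlidsvc"
+operation: stop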
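Review bot: This new file holds a stop-only service list (every entry `operation: stop`, `privilege: Admin`) and nothing visible in the commit loads it: the `features:` list shown for custom.yml references `features\base\services.yml` only. Version control already preserves the earlier list, so the copy can be removed. If it is kept for reference, a first-line comment such as `# Superseded by services.yml; intentionally not listed in custom.yml` would stop it being re-enabled by mistake alongside the TrustedInstaller version. The `title:` and `description:` are also identical to those of services.yml, so the two are indistinguishable in any UI or log that prints them.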

+ 1
- 1
21H1-22H2_PB/Executables/APPX.bat

@ -21,7 +21,7 @@ ame-assassin -Family *Microsoft.WindowsStore*
ame-assassin -Family *StorePurchaseApp*
ame-assassin -Family *MicrosoftOfficeHub*
ame-assassin -Family *Paint*
::ame-assassin -Family *Paint*
ame-assassin -Family *wallet*
ame-assassin -Family *OneNote*
ame-assassin -Family *Microsoft.People*


+ 2
- 2
21H1-22H2_PB/Executables/CHOC.bat

@ -2,8 +2,8 @@ cd Executables
reg query "HKLM\SOFTWARE\Clients\StartMenuInternet" /k /f "Firefox-" > "%TEMP%\Firefox-Reg-Output.txt"
@PowerShell -NoP -ExecutionPolicy Bypass -C "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))" && set "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"
@PowerShell -NoP -ExecutionPolicy Bypass -C "choco install -y --force --allow-empty-checksums firefox thunderbird vlc 7zip jpegview vcredist-all directx onlyoffice cascadiamono"
set "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"
choco install -y --force --allow-empty-checksums firefox thunderbird vlc 7zip jpegview vcredist-all directx onlyoffice cascadiamono
:: Load Open-Shell menu
PowerShell -NoP -C "(New-Object -ComObject wscript.shell).SendKeys('^{ESCAPE}')"
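Review bot: The `choco install` line keeps `--allow-empty-checksums` together with `--force`, so a package whose download carries no checksum is still installed, and the playbook that includes these scripts is declared `privilege: Admin`. The flag is on both the `@PowerShell` form and the bare `choco install` form shown in this section, so the change carries it forward whichever is the new side (the +/- markers are lost in this rendering). Consider dropping the flag, or narrowing it to `--allow-empty-checksums-secure`, and pinning versions for any package that needs the exception. The bare form also depends on Chocolatey having been installed by an earlier script; a guard such as `where choco >NUL 2>&1 || exit /b 1` before it would make that dependency explicit.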


+ 2
- 1
21H1-22H2_PB/Executables/DNET.bat View File

@ -1 +1,2 @@
dism /online /enable-feature /featurename:NetFX3 /All /Source:Executables /LimitAccess
@PowerShell -NoP -ExecutionPolicy Bypass -C "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))" && set "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"
::choco install -y --allow-empty-checksums dotnet3.5
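Review bot: The Chocolatey bootstrap in this file, `iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))` under `-ExecutionPolicy Bypass`, runs whatever the server returns at execution time with no integrity check. The section reports 2 additions and 1 deletion over three lines, so the bootstrap is probably on the new side, but that is inferred because the +/- markers are lost. The commit also touches a NetFX3 `.cab` used by the offline `dism ... /LimitAccess` line, so consider shipping a reviewed copy of the installer script the same way, or saving it to a file and checking it with `Get-AuthenticodeSignature` (or against a pinned hash) before running it. With `::choco install ... dotnet3.5` commented out, nothing in this file uses Chocolatey, so a comment naming the later script that relies on the bootstrap would help.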

+ 3
- 1
21H1-22H2_PB/Executables/FIREFOXCONF.bat View File

@ -103,7 +103,9 @@ echo. & echo Injecting profile...
:: This could also be set manually in the profiles.ini file
mkdir "%~1\Mozilla\Firefox\Profiles\%RNDStr%.%profileName%"
robocopy "%~dp0\AME-Firefox-Injection" "%~1\Mozilla\Firefox\Profiles\%RNDStr%.%profileName%" /E > NUL
robocopy "%~dp0\AME-Firefox-Injection" "%~1\Mozilla\Firefox\Profiles\%RNDStr%.%profileName%" /E /xf "3647222921wleabcEoxlt-eengsairo.sqlite" > NUL
mkdir "%~1\Mozilla\Firefox\Profiles\%RNDStr%.%profileName%\storage\default\moz-extension+++41087662-660a-4251-8c0c-38aa4da5b325^userContextId=4294967295\idb"
copy /y "%~dp0\AME-Firefox-Injection\3647222921wleabcEoxlt-eengsairo.sqlite" "%~1\Mozilla\Firefox\Profiles\%RNDStr%.%profileName%\storage\default\moz-extension+++41087662-660a-4251-8c0c-38aa4da5b325^userContextId=4294967295\idb"
:: Sets profile as the default
echo [Install%NewCode%]>> "%~1\Mozilla\Firefox\profiles.ini"
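Review bot: The extension UUID `41087662-660a-4251-8c0c-38aa4da5b325` and the file name `3647222921wleabcEoxlt-eengsairo.sqlite` are hard-coded in the `mkdir` and `copy` lines with no comment saying which extension they belong to or where that UUID is pinned. A comment above the `mkdir`, for example `:: Extension IndexedDB store; the UUID must match the one assigned in the injected profile`, would let a maintainer keep the two in step (that the profile pins this UUID is assumed, not visible here). The `copy` also prints its result while the `robocopy` above it is silenced, so appending `> NUL` keeps the output consistent. The script body continues outside the hunk.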


+ 20
- 5
21H1-22H2_PB/Executables/REGI.bat View File

@ -1,3 +1,4 @@
cd Executables
@echo OFF
for /f "usebackq delims=" %%A in (`dir /b /a:d "%SYSTEMDRIVE%\Users" ^| findstr /V /I /X /c:"Public" /c:"Default User" /c:"All Users"`) do (
@ -87,7 +88,7 @@ reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreen
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata" /f
:: New Control Panel cleanup - List of commands: https://winaero.com/ms-settings-commands-in-windows-10/
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v SettingsPageVisibility /t REG_SZ /d "showonly:display;nightlight;sound;notifications;quiethours;powersleep;batterysaver;tabletmode;multitasking;clipboard;remote-desktop;about;bluetooth;connecteddevices;printers;mousetouchpad;devices-touchpad;typing;pen;autoplay;usb;network-status;network-cellular;network-wifi;network-wificalling;network-wifisettings;network-ethernet;network-dialup;network-vpn;network-airplanemode;network-mobilehotspot;datausage;network-proxy;personalization-background;personalization-start;fonts;colors;lockscreen;themes;taskbar;defaultapps;videoplayback;startupapps;dateandtime;regionformatting;gaming;gamemode;easeofaccess-display;easeofaccess-colorfilter;easeofaccess-audio;easeofaccess-easeofaccess-narrator;easeofaccess-magnifier;easeofaccess-highcontrast;easeofaccess-closedcaptioning;easeofaccess-speechrecognition;easeofaccess-eyecontrol;easeofaccess-keyboard;easeofaccess-mouse" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v SettingsPageVisibility /t REG_SZ /d "showonly:display;nightlight;sound;notifications;quiethours;powersleep;batterysaver;tabletmode;multitasking;clipboard;remote-desktop;about;bluetooth;connecteddevices;printers;mousetouchpad;devices-touchpad;typing;pen;autoplay;usb;network-status;network-cellular;network-wifi;network-wificalling;network-wifisettings;network-ethernet;network-dialup;network-vpn;network-airplanemode;network-mobilehotspot;datausage;network-proxy;personalization-background;personalization-start;fonts;personalization-colors;colors;lockscreen;themes;taskbar;defaultapps;videoplayback;startupapps;dateandtime;regionformatting;gaming;gamemode;easeofaccess-display;easeofaccess-colorfilter;easeofaccess-audio;easeofaccess-easeofaccess-narrator;easeofaccess-magnifier;easeofaccess-highcontrast;easeofaccess-closedcaptioning;easeofaccess-speechrecognition;easeofaccess-eyecontrol;easeofaccess-keyboard;easeofaccess-mouse" /f
:: Decrease shutdown time
reg add "HKLM\SYSTEM\CurrentControlSet\Control" /v WaitToKillServiceTimeout /t REG_SZ /d 2000 /f
@ -195,6 +196,8 @@ reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v Enab
reg delete "HKCR\certificate_wab_auto_file" /f
reg delete "HKCR\wab_auto_file" /f
NSudoLC -U:T -P:E -M:S -Priority:RealTime -UseCurrentConsole -Wait reg delete "HKCR\contact_wab_auto_file" /f
NSudoLC -U:T -P:E -M:S -Priority:RealTime -UseCurrentConsole -Wait reg delete "HKCR\group_wab_auto_file" /f
NSudoLC -U:T -P:E -M:S -Priority:RealTime -UseCurrentConsole -Wait reg delete "HKCR\vcard_wab_auto_file" /f
NSudoLC -U:T -P:E -M:S -Priority:RealTime -UseCurrentConsole -Wait reg delete "HKCR\WAB.AssocProtocol.LDAP" /f
NSudoLC -U:T -P:E -M:S -Priority:RealTime -UseCurrentConsole -Wait reg delete "HKCR\TIFImage.Document" /f
@ -202,6 +205,15 @@ NSudoLC -U:T -P:E -M:S -Priority:RealTime -UseCurrentConsole -Wait reg delete "H
:: Remove Windows Media Player from default apps list
NSudoLC -U:T -P:E -M:S -Priority:RealTime -UseCurrentConsole -Wait CMD /c "for /f "usebackq delims=" %%A in (`reg query "HKCR" /f "WMP11*" ^| findstr /c:"WMP11"`) do reg delete "%%A" /f"
@echo off
for /f "usebackq delims=" %%A in (`reg query "HKCR" /k /f "AppX" ^| findstr /c:"AppX"`) do (
reg query "%%A" /v "" | findstr /c:"DesktopStickerEditorCentennial" /c:"LogonWebHost" > NUL
if not errorlevel 1 (
echo reg delete "%%A" /f
reg delete "%%A" /f
)
)
@echo on
:: Make Ti explorer nicer
reg add "HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f
@ -210,9 +222,9 @@ reg add "HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advance
reg add "HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowTaskViewButton /t REG_DWORD /d 0 /f
:: Disable News and Interests
reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\NewsAndInterests" /v AllowNewsAndInterests /t REG_DWORD /d 0
reg add "HKLM\SOFTWARE\Policies\Microsoft\Dsh" /v AllowNewsAndInterests /t REG_DWORD /d 0
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds" /v EnableFeeds /t REG_DWORD /d 0
reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\NewsAndInterests" /v AllowNewsAndInterests /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Dsh" /v AllowNewsAndInterests /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds" /v EnableFeeds /t REG_DWORD /d 0 /f
:: Removes MpOAV.dll link
::NSudoLC -U:T -P:E -M:S -Priority:RealTime -Wait reg delete "HKCR\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32" /f
@ -379,7 +391,7 @@ reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "Searchbox
reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "BingSearchEnabled" /t REG_DWORD /d 0 /f
reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "CortanaConsent" /t REG_DWORD /d 0 /f
reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "CortanaInAmbientMode" /t REG_DWORD /d 0 /f
reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "HistoryViewEnabled" /t REG_DWORD 0 /f
reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "HistoryViewEnabled" /t REG_DWORD /d 0 /f
reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "HasAboveLockTips" /t REG_DWORD /d 0 /f
reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "AllowSearchToUseLocation" /t REG_DWORD /d 0 /f
reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings" /v "SafeSearchMode" /t REG_DWORD /d 0 /f
@ -417,6 +429,9 @@ reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Setting
:: Disable "Let's Finish Setting Up Your Device" OOBE screen
reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f
:: Disable item checkboxes
reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "AutoCheckSelect" /t REG_DWORD /d 0 /f
@echo OFF
if "%~1"=="AME_UserHive_Default" (
echo copy /y "UsrClass.dat" "%SYSTEMDRIVE%\Users\Default\AppData\Local\Microsoft\Windows"
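Review bot: The `for /f` loop over `reg query "HKCR" /k /f "AppX"` deletes keys with a plain `reg delete`, while the HKCR deletions just above it go through `NSudoLC -U:T -P:E`; if a matched key is not writable by the current account the delete fails and the loop carries on without reporting it. The loop also sits directly under the `:: Remove Windows Media Player from default apps list` comment although it targets `DesktopStickerEditorCentennial` and `LogonWebHost`. Give it its own comment, e.g. `:: Remove AppX ProgIDs whose default value names DesktopStickerEditorCentennial or LogonWebHost`, and either run the delete through the same NSudoLC wrapper or test `errorlevel` after `reg delete`. Whether these keys need elevated rights is not visible here, and the rest of the script lies outside the hunks.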


+ 1
- 0
21H1-22H2_PB/Executables/SHRT.bat View File

@ -18,6 +18,7 @@ for /f "usebackq delims=" %%A in (`dir /b /a:d "%SYSTEMDRIVE%\Users" ^| findstr
)
@echo ON
del /q /f "%SYSTEMDRIVE%\Users\Public\Desktop\Microsoft Edge.lnk"
del /q /f "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk"
for /f "usebackq tokens=2 delims=\" %%A in (`reg query "HKEY_USERS" ^| findstr /c:"S-" /c:"AME_UserHive_"`) do (


+ 10
- 3
21H1-22H2_PB/Executables/SLNT.bat View File

@ -18,7 +18,7 @@ for /f "usebackq tokens=2 delims=\" %%A in (`reg query "HKEY_USERS" ^| findstr /
OpenShellSetup_4_4_170.exe /qn /quiet ADDLOCAL=StartMenu
copy /y Fluent-Metro.skin "%PROGRAMFILES%\Open-Shell\Skins"
copy /y Fluent-Metro.skin7 "%PROGRAMFILES%\Open-Shell\Skins"
copy /y Fluent-AME.skin7 "%PROGRAMFILES%\Open-Shell\Skins"
@ -60,10 +60,10 @@ reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "StartScreenShortcut"
reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "SearchInternet" /t REG_DWORD /d 0 /f
reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "GlassOverride" /t REG_DWORD /d 1 /f
reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "GlassColor" /t REG_DWORD /d 0 /f
reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "SkinW7" /t REG_SZ /d "Fluent-Metro" /f
reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "SkinW7" /t REG_SZ /d "Fluent-AME" /f
reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "SkinVariationW7" /t REG_SZ /f
reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "ShiftWin" /t REG_SZ /d "Nothing" /f
reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "SkinOptionsW7" /t REG_MULTI_SZ /d "DARK_MAIN=0\0METRO_MAIN=0\0LIGHT_MAIN=0\0AUTOMODE_MAIN=1\0DARK_SUBMENU=0\0METRO_SUBMENU=\0LIGHT_SUBMENU=0\0AUTOMODE_SUBMENU=1\0SUBMENU_SEPARATORS=1\0DARK_SEARCH=0\0METRO_SEARCH=\0LIGHT_SEARCH=0\0AUTOMODE_SEARCH=1\0SEARCH_FRAME=1\0SEARCH_COLOR=0\0SMALL_SEARCH=0\0MOERN_SEARCH=1\0SEARCH_ITALICS=0\0NONE=0\0SEPARATOR=0\0TWO_TONE=1\0CLASSIC_SELECTOR=1\0HAF_SELECTOR=0\0CURVED_MENUSEL=1\0CURVED_SUBMENU=0\0SELECTOR_REVEAL=1\0TRANSPARENT=0\0OPAQU_SUBMENU=1\0OPAQUE_MENU=0\0OPAQUE=0\0STANDARD=0\0SMALL_MAIN2=1\0SMALL_ICONS=0\0COMPACT_UBMENU=0\0PRESERVE_MAIN2=0\0LESS_PADDING=0\0EXTRA_PADDING=1\024_PADDING=0\0LARGE_PROGRAMS0\0TRANSPARENT_SHUTDOWN=0\0OUTLINE_SHUTDOWN=0\0BUTTON_SHUTDOWN=1\0EXPERIMENTAL_SHUTDOWN=0\LARGE_FONT=0\0CONNECTED_BORDER=0\0FLOATING_BORDER=1\0LARGE_SUBMENU=0\0LARGE_LISTS=0\0THI_MAIN2=0\0EXPERIMENTAL_MAIN2=1\0USER_IMAGE=1\0USER_OUTSIDE=0\0SCALING_USER=1\056=0\064=\0TRANSPARENT_USER=0\0UWP_SCROLLBAR=0\0MODERN_SCROLLBAR=1\0SMALL_ARROWS=0\0ARROW_BACKGROUD=1\0ICON_FRAME=0\0SEARCH_SEPARATOR=0\0NO_PROGRAMS_BUTTON=0" /f
::reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "SkinOptionsW7" /t REG_MULTI_SZ /d "DARK_MAIN=0\0METRO_MAIN=0\0LIGHT_MAIN=0\0AUTOMODE_MAIN=1\0DARK_SUBMENU=0\0METRO_SUBMENU=\0LIGHT_SUBMENU=0\0AUTOMODE_SUBMENU=1\0SUBMENU_SEPARATORS=1\0DARK_SEARCH=0\0METRO_SEARCH=\0LIGHT_SEARCH=0\0AUTOMODE_SEARCH=1\0SEARCH_FRAME=1\0SEARCH_COLOR=0\0SMALL_SEARCH=0\0MOERN_SEARCH=1\0SEARCH_ITALICS=0\0NONE=0\0SEPARATOR=0\0TWO_TONE=1\0CLASSIC_SELECTOR=1\0HAF_SELECTOR=0\0CURVED_MENUSEL=1\0CURVED_SUBMENU=0\0SELECTOR_REVEAL=1\0TRANSPARENT=0\0OPAQU_SUBMENU=1\0OPAQUE_MENU=0\0OPAQUE=0\0STANDARD=0\0SMALL_MAIN2=1\0SMALL_ICONS=0\0COMPACT_UBMENU=0\0PRESERVE_MAIN2=0\0LESS_PADDING=0\0EXTRA_PADDING=1\024_PADDING=0\0LARGE_PROGRAMS0\0TRANSPARENT_SHUTDOWN=0\0OUTLINE_SHUTDOWN=0\0BUTTON_SHUTDOWN=1\0EXPERIMENTAL_SHUTDOWN=0\LARGE_FONT=0\0CONNECTED_BORDER=0\0FLOATING_BORDER=1\0LARGE_SUBMENU=0\0LARGE_LISTS=0\0THI_MAIN2=0\0EXPERIMENTAL_MAIN2=1\0USER_IMAGE=1\0USER_OUTSIDE=0\0SCALING_USER=1\056=0\064=\0TRANSPARENT_USER=0\0UWP_SCROLLBAR=0\0MODERN_SCROLLBAR=1\0SMALL_ARROWS=0\0ARROW_BACKGROUD=1\0ICON_FRAME=0\0SEARCH_SEPARATOR=0\0NO_PROGRAMS_BUTTON=0" /f
reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "SkipMetro" /t REG_DWORD /d 1 /f
reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "MenuItems7" /t REG_MULTI_SZ /d "Item1.Command=user_files\0Item1.Settings=NOEXPAND\0Item2.Command=user_documents\0Item2.Settings=NOEXPAND\0Item3.Command=user_pictures\0Item3.Settings=NOEXPAND\0Item4.Command=user_music\0Item4.Settings=NOEXPAND\0Item5.Command=user_videos\0Item5.Settings=NOEXPAND\0Item6.Command=downloads\0Item6.Settings=NOEXPAND\0Item7.Command=homegroup\0Item7.Settings=ITEM_DISABLED\0Item8.Command=separator\0Item9.Command=games\0Item9.Settings=TRACK_RECENT|NOEXPAND|ITEM_DISABLED\0Item10.Command=favorites\0Item10.Settings=ITEM_DISABLED\0Item11.Command=recent_documents\0Item12.Command=computer\0Item12.Settings=NOEXPAND\0Item13.Command=network\0Item13.Settings=ITEM_DISABLED\0Item14.Command=network_connections\0Item14.Settings=ITEM_DISABLED\0Item15.Command=separator\0Item16.Command=control_panel\0Item16.Settings=TRACK_RECENT\0Item17.Command=pc_settings\0Item17.Settings=TRACK_RECENT\0Item18.Command=admin\0Item18.Settings=TRACK_RECENT|ITEM_DISABLED\0Item19.Command=devices\0Item19.Settings=ITEM_DISABLED\0Item20.Command=defaults\0Item20.Settings=ITEM_DISABLED\0Item21.Command=help\0Item21.Settings=ITEM_DISABLED\0Item22.Command=run\0Item23.Command=apps\0Item23.Settings=ITEM_DISABLED\0Item24.Command=windows_security\0Item24.Settings=ITEM_DISABLED\0" /f
@ -71,6 +71,13 @@ reg add "HKU\%~1\SOFTWARE\OpenShell\OpenShell\Settings" /v "Update" /d 0 /t REG_
reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "CheckWinUpdates" /t REG_DWORD /d 0 /f
reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "HighlightNew" /t REG_DWORD /d 0 /f
reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "MaxRecentPrograms" /t REG_DWORD /d 5 /f
reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "EnableGlass" /t REG_DWORD /d 0 /f
reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "MenuShadow" /t REG_DWORD /d 0 /f
::reg add "HKU\%~1\SOFTWARE\OpenShell\StartMenu\Settings" /v "MainMenuAnimationSpeed" /t REG_DWORD /d 150 /f
reg add "HKU\%~1\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser" /v "ITBar7Layout" /t REG_BINARY /d 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 /f
@echo OFF
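Review bot: The `ITBar7Layout` write near the end of this section, which appears to be one of the added lines, pushes a long `REG_BINARY` blob into every user hive with no comment, so a reviewer cannot tell what it configures or check it by eye. Add a line above it stating what the value changes and where the blob came from, e.g. `:: ITBar7Layout: <what this layout changes> (exported from <source>)`, with the placeholders filled in. The `SkinOptionsW7` line is kept as `::` dead code next to the live `SkinW7` setting of `Fluent-AME`; if the new skin no longer needs those options, deleting the line is cleaner than commenting it out.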


+ 1
- 1
21H1-22H2_PB/Executables/UI.bat View File

@ -60,7 +60,7 @@ reg add "HKU\%~1\SOFTWARE\ExplorerPatcher" /v "OrbStyle" /t REG_DWORD /D 1 /f
reg add "HKU\%~1\SOFTWARE\ExplorerPatcher" /v "FileExplorerCommandUI" /t REG_DWORD /D 2 /f
reg add "HKU\%~1\SOFTWARE\ExplorerPatcher" /v "StartUI_EnableRoundedCorners" /t REG_DWORD /D 1 /f
reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\ExplorerExplorerPatcher" /v "StartUI_EnableRoundedCorners" /t REG_DWORD /D 2 /f
reg add "HKU\%~1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ExplorerPatcher" /v "StartUI_EnableRoundedCorners" /t REG_DWORD /D 1 /f
reg add "HKU\%~1\SOFTWARE\ExplorerPatcher" /v "ClockFlyoutOnWinC" /t REG_DWORD /D 1 /f
reg add "HKU\%~1\SOFTWARE\ExplorerPatcher" /v "DisableOfficeHotkeys" /t REG_DWORD /D 1 /f
reg add "HKU\%~1\SOFTWARE\ExplorerPatcher" /v "DisableWinFHotkey" /t REG_DWORD /D 1 /f


BIN
21H1-22H2_PB/Executables/UsrClass.dat View File


+ 1
- 1
21H1-22H2_PB/Executables/WALLPAPER.bat View File

@ -1,7 +1,7 @@
cd Executables
NSudoLC -U:T -P:E -M:S -Priority:RealTime -UseCurrentConsole -Wait icacls "%WINDIR%\Resources\Themes\aero.theme" /reset /t
PowerShell -NoP -C "(Get-Content '%WINDIR%\Resources\Themes\aero.theme') -replace 'Wallpaper=%%SystemRoot%%.*', 'Wallpaper=%%SystemRoot%%\web\wallpaper\Windows\ame_wallpaper_1440.bmp' | Set-Content '%WINDIR%\Resources\Themes\aero.theme'"
PowerShell -NoP -C "$Content = (Get-Content '%WINDIR%\Resources\Themes\aero.theme'); $Content = $Content -replace 'Wallpaper=%%SystemRoot%%.*', 'Wallpaper=%%SystemRoot%%\web\wallpaper\Windows\ame_wallpaper_1440.bmp'; $Content = $Content -replace 'SystemMode=.*', 'SystemMode=Dark'; $Content -replace 'AppMode=.*', 'AppMode=Light' | Set-Content '%WINDIR%\Resources\Themes\aero.theme'"
@echo OFF
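Review bot: The longer PowerShell line edits `aero.theme` with unanchored patterns (`'SystemMode=.*'`, `'AppMode=.*'`), and `-replace` is a silent no-op when a key is absent, so the step succeeds even if the theme file has no such lines. Anchoring the patterns, as in `-replace '^SystemMode=.*', 'SystemMode=Dark'`, avoids matching inside another key name. A short comment that both keys must already exist in the file would document the assumption. Which of the two PowerShell lines is the new one is inferred from the +1/-1 counts, since the markers are lost in this rendering.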


BIN
Shared_PB/Executables/AME-Firefox-Injection/3647222921wleabcEoxlt-eengsairo.sqlite View File


BIN
Shared_PB/Executables/Fluent-Metro.skin7 → Shared_PB/Executables/Fluent-AME.skin7 View File


BIN
Shared_PB/Executables/ame-assassin/ame-assassin.exe View File


BIN
Shared_PB/Executables/microsoft-windows-netfx3-ondemand-package~31bf3856ad364e35~amd64~~.cab View File

