Silent Windows 10 for Malware Analysis

9 May 2018

@rem Quiet the guest's background services so that OS-generated traffic and
@rem disk activity do not mix with what the sample under analysis produces.
@rem Each service is stopped and then set to "disabled" so it stays off after
@rem a reboot. Run from an elevated prompt; sc.exe requires the space after
@rem "start=".

@rem Connected User Experiences and Telemetry
sc stop DiagTrack
sc config DiagTrack start= disabled

@rem Diagnostics Hub Standard Collector
sc stop diagnosticshub.standardcollector.service
sc config diagnosticshub.standardcollector.service start= disabled

@rem WAP Push Message Routing (device-management push channel)
sc stop dmwappushservice
sc config dmwappushservice start= disabled

@rem Windows Media Player Network Sharing
sc stop WMPNetworkSvc
sc config WMPNetworkSvc start= disabled

@rem Windows Search indexer
sc stop WSearch
sc config WSearch start= disabled

@rem Windows Update. Once this is disabled the guest stops receiving patches,
@rem so keep the machine on an isolated analysis network and revert to a
@rem clean snapshot between samples.
sc stop wuauserv
sc config wuauserv start= disabled

 

 

@rem Disable the scheduled tasks that collect or upload diagnostic data, so
@rem they do not fire in the middle of an analysis run. Each line is
@rem independent: if a task does not exist on this build, schtasks reports an
@rem error for that line and the remaining lines still run.
@rem NOTE(review): task names vary between Windows 10 releases - check the
@rem output and confirm with "schtasks /Query" which ones were really changed.

@rem SmartScreen data collection task (AppID)
schtasks /Change /TN "Microsoft\Windows\AppID\SmartScreenSpecific" /Disable

@rem Application Experience: compatibility / program inventory telemetry
schtasks /Change /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /Disable

schtasks /Change /TN "Microsoft\Windows\Application Experience\ProgramDataUpdater" /Disable

schtasks /Change /TN "Microsoft\Windows\Application Experience\StartupAppTask" /Disable

@rem Customer Experience Improvement Program (CEIP) collection and upload
schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /Disable

schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /Disable

schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /Disable

schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader" /Disable

@rem Family Safety upload task
schtasks /Change /TN "Microsoft\Windows\Shell\FamilySafetyUpload" /Disable

@rem Office telemetry and subscription heartbeat.
@rem Presumably only present when Office is installed in the guest.
schtasks /Change /TN "Microsoft\Office\OfficeTelemetryAgentLogOn" /Disable

schtasks /Change /TN "Microsoft\Office\OfficeTelemetryAgentFallBack" /Disable

schtasks /Change /TN "Microsoft\Office\Office 15 Subscription Heartbeat" /Disable

 

@rem Remaining diagnostic collectors and the automatic Store app update task
schtasks /Change /TN "Microsoft\Windows\Autochk\Proxy" /Disable

schtasks /Change /TN "Microsoft\Windows\CloudExperienceHost\CreateObjectTask" /Disable

schtasks /Change /TN "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /Disable

schtasks /Change /TN "Microsoft\Windows\WindowsUpdate\Automatic App Update" /Disable

 

@rem *** Telemetry and Data Collection ***
@rem Every "reg add" below uses /f, so an existing value is overwritten
@rem without a prompt. The HKLM writes need an elevated prompt.

@rem Do not fetch device metadata from the network
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata" /v PreventDeviceMetadataFromNetwork /t REG_DWORD /d 1 /f

@rem Telemetry level 0 (also set under the Policies hive further down).
@rem NOTE(review): level 0 is documented as honoured only on Enterprise,
@rem Education and Server editions - verify the effective level on the guest.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d 0 /f

@rem Do not offer the Malicious Software Removal Tool through Windows Update
reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v DontOfferThroughWUAU /t REG_DWORD /d 1 /f

@rem Customer Experience Improvement Program off
reg add "HKLM\SOFTWARE\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t REG_DWORD /d 0 /f

@rem Application compatibility: application telemetry (AIT) off,
@rem user action recording (DisableUAR) disabled
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "AITEnable" /t REG_DWORD /d 0 /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "DisableUAR" /t REG_DWORD /d 1 /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d 0 /f

@rem Do not start the DiagTrack and SQM AutoLogger trace sessions
reg add "HKLM\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\AutoLogger-Diagtrack-Listener" /v "Start" /t REG_DWORD /d 0 /f

reg add "HKLM\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\SQMLogger" /v "Start" /t REG_DWORD /d 0 /f

 

@rem Per-user settings: HKCU is the hive of the account running these
@rem commands, so repeat them for any other account used for analysis.
@rem Advertising ID off
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /v Enabled /t REG_DWORD /d 0 /f

@rem Web content evaluation (SmartScreen URL checks for Store apps) off
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v EnableWebContentEvaluation /t REG_DWORD /d 0 /f

@rem Opt out of exposing the user's language list to web sites
reg add "HKCU\Control Panel\International\User Profile" /v HttpAcceptLanguageOptOut /t REG_DWORD /d 1 /f

 

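@rem *** Windows Update behaviour and Explorer view settings ***
@rem Keeps the guest from downloading or installing updates on its own while
@rem a sample is being observed. The guest will fall behind on patches, so it
@rem belongs on an isolated analysis network only.

@rem Restart handling set to option 1 instead of the automatic default
@rem NOTE(review): presumably "notify to schedule restart" - confirm on the
@rem target build.
reg add "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" /v UxOption /t REG_DWORD /d 1 /f

@rem Delivery Optimization download mode 0: no peer-to-peer transfers
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" /v DODownloadMode /t REG_DWORD /d 0 /f

@rem Automatic Updates policy. All three values must go into the same
@rem ...\WindowsUpdate\AU key. The original NoAutoUpdate line had a stray
@rem space before the closing quote ("...\AU "), which names a different key
@rem from the one the other two lines write to; the space is removed here.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v AUOptions /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v ScheduledInstallDay /t REG_DWORD /d 0 /f

@rem Explorer: show file extensions (HideFileExt = 0), so a name such as
@rem "invoice.pdf.exe" is displayed in full. Applies to the current user only.
reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f

@rem Left disabled by the author: show hidden and protected system files.
@rem Remove the leading REM to enable them.
REM reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t REG_DWORD /d 1 /f
REM reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t REG_DWORD /d 1 /f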

 

 

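REM *** Remove OneDrive ***
REM Uninstalls the OneDrive client, deletes its leftover folders, clears the
REM shell-folder attributes of its Explorer namespace entry and restarts
REM Explorer so the change is visible immediately.

REM The installer is in SysWOW64 on 64-bit Windows and in System32 otherwise.
REM Check before launching: "start" on a missing file raises an error dialog
REM that would hold up an unattended run.
if exist "%SYSTEMROOT%\SYSWOW64\ONEDRIVESETUP.EXE" start /wait "" "%SYSTEMROOT%\SYSWOW64\ONEDRIVESETUP.EXE" /UNINSTALL
if not exist "%SYSTEMROOT%\SYSWOW64\ONEDRIVESETUP.EXE" if exist "%SYSTEMROOT%\SYSTEM32\ONEDRIVESETUP.EXE" start /wait "" "%SYSTEMROOT%\SYSTEM32\ONEDRIVESETUP.EXE" /UNINSTALL

REM Leftover data folders. Errors are discarded on purpose: a folder that
REM does not exist is not a failure here.
rd "%SYSTEMDRIVE%\OneDriveTemp" /Q /S >NUL 2>&1
rd "%USERPROFILE%\OneDrive" /Q /S >NUL 2>&1
rd "%LOCALAPPDATA%\Microsoft\OneDrive" /Q /S >NUL 2>&1
rd "%PROGRAMDATA%\Microsoft OneDrive" /Q /S >NUL 2>&1

REM Zero the ShellFolder attributes of the OneDrive namespace CLSID in both
REM the native and the Wow6432Node view.
REM NOTE(review): presumably this hides the OneDrive entry in Explorer's
REM navigation pane - confirm on the target build.
reg add "HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\ShellFolder" /f /v Attributes /t REG_DWORD /d 0 >NUL 2>&1
reg add "HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\ShellFolder" /f /v Attributes /t REG_DWORD /d 0 >NUL 2>&1

REM Restart Explorer so it picks up the registry change.
start /wait TASKKILL /F /IM explorer.exe
start explorer.exe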