Disable Defender Antivirus boot driver

Works with Windows 10 and 11

Single action
Windows only
Impact: High
Batch (batchfile)
Fully reversible

Overview

This script disables the Windows Defender boot driver (WdBoot) to reduce system monitoring and enhance your privacy and control.

This driver is also known as:

Windows Defender Boot Driver ¹
Microsoft Defender Antivirus Boot Driver ²
Early Launch Anti-malware (ELAM) boot driver ³
Windows Defender ELAM Driver ⁴ ⁵
Microsoft antimalware boot driver ⁶
Early Launch Antimalware (ELAM) driver ⁷

Microsoft introduced this driver as a security feature in Windows 8 ⁴. As a default component in Windows, the driver comes pre-installed with the operating system ¹ ² ⁵. The driver serves as an integral part of both Defender Antivirus ⁵ ⁷ ⁸ ⁹ ¹⁰ and Defender for Endpoint ⁷ ⁸ ⁹. It functions as a component of Microsoft's anti-tampering mechanism that supports third-party security products ¹¹.

This driver starts before any other boot-start drivers begin running ⁷ ¹¹ ¹². It can also become operational through Limited Periodic Scanning ¹³. Once active, it assists the Windows kernel in determining whether other drivers are safe to run ⁷.

The driver supports Early Launch Anti-malware (ELAM) ⁵. ELAM is a feature that allows antimalware software to start before other third-party components ¹². ELAM can load an anti-malware driver before other non-Microsoft boot drivers and applications ⁵. It protects the system by helping to preserve the chain of trust established by Secure Boot and Trusted Boot ⁵. ELAM works as follows:

Antimalware drivers load first and can block unknown drivers from starting ¹²
ELAM examines every boot driver to check if it's on the list of trusted drivers ⁵
If a driver is not trusted, Windows will not load it ⁵
After boot drivers start and storage becomes available, antimalware software continues blocking malware ¹²

The driver monitors the Windows boot process by:

Checking other drivers before they can start during Windows boot ⁴ ⁵ ⁷ ¹⁴
Verifying driver certificates and hashes against its database ³ ⁴ ¹¹ ¹⁴
Managing a malware signature database ³ ¹² ¹⁴
Monitoring and rolling back changes to Defender's main driver (WdFilter.sys) as temper protection ³ ⁴ ⁵ ¹¹
Storing information for later analysis ⁴ ¹⁴
Notifying other components ³ ⁴ ⁵ like WdFilter.sys ³ ⁴

This script improves privacy by:

Reduces system monitoring during boot
Allows deeper system modifications ⁵ to increase privacy such as disabling Defender
Prevents Microsoft from controlling which processes can run with antimalware protection ¹¹

This script may improve system performance by:

Improving boot time by removing additional verification steps
Preventing system crashes (Blue Screen of Death) associated with this driver ¹⁵

However, this script may reduce security in the following ways:

Reducing protection against malicious boot drivers ⁵
Removing early-boot malware detection ¹¹ ¹² ¹⁴
Creating an unsupported system configuration ⁸ ⁹ that may cause stability issues ¹⁶

Caution

Disabling this feature removes security checks during system startup, which could may malicious software to run during boot.

Technical Details

This driver installs as part of the Windows-Defender-Drivers package ¹⁷.

This script:

Disables the wdboot service ¹ ² ⁸ ⁹
Removes driver files from:
- %SYSTEMROOT%\System32\drivers\WdBoot.sys ¹ ² ³ ⁶ ¹⁰ ¹⁴ ¹⁸
- C:\Windows\ELAMBKUP\WdBoot.sys ⁷
Removes registry configuration at HKLM\SYSTEM\CurrentControlSet\Control\EarlyLaunch!BackupPath ⁷
Deletes signature database at %SYSTEMROOT%\System32\Config\elam ¹⁴

On older systems, this driver file may be found at %SYSTEMROOT%\System32\drivers\wd\WdBoot.sys ¹⁵ ¹⁸

Overview of default service statuses

OS Version	Status	Start type
Windows 10 (≥ 22H2)	🔴 Stopped	Boot
Windows 11 (≥ 23H2)	🔴 Stopped	Boot

Not Advised
This script should only be used by advanced users.
This script is not recommended for daily use as it breaks important functionality.
Consider creating a system restore point before doing any changes.
Security Trade-off
This action prioritizes privacy over certain security features. It's not recommended and should only be used by advanced users after understanding its implications.
Increased Privacy
Enhanced privacy through reduced data collection and tracking
Decreased Security
Some security features will be disabled or limited
This script can be reversed, this allows you to restore the default system security.

Sources

PrivacyLearn.com maintains strict sourcing standards for accuracy, integrity and up-to-date content. Our content relies on authoritative sources including vendor documentation, industry standards, and verified research. Learn more about our verification process and quality standards in our editorial standards page.

Windows Defender Boot Driver - Windows 8 Service - batcmd.com. batcmd.com. (2024).
Original: https://batcmd.com/windows/8/services/wdboot
Archived: https://archive.ph/2024.10.27-165733/https://batcmd.com/windows/8/services/wdboot/
Microsoft Defender Antivirus Boot Driver - Windows 11 Service - batcmd.com. batcmd.com. (2024).
Original: https://batcmd.com/windows/11/services/wdboot
Archived: https://archive.ph/2024.10.27-165849/https://batcmd.com/windows/11/services/wdboot/
10_0_22622_601/C/Windows/System32/drivers/WdBoot.sys.strings at c598035e1a6627384d646140fe9e4d234b36b11d · privacysexy-forks/10_0_22622_601. github.com. (2024).
Original: https://github.com/privacysexy-forks/10_0_22622_601/blob/c598035e1a6627384d646140fe9e4d234b36b11d/C/Windows/System32/drivers/WdBoot.sys.strings
Archived: https://archive.ph/2024.10.27-165804/https://github.com/privacysexy-forks/10_0_22622_601/blob/c598035e1a6627384d646140fe9e4d234b36b11d/C/Windows/System32/drivers/WdBoot.sys.strings
Understanding WdBoot (Windows Defender ELAM) :: Up is Down and Black is White — n4r1b. n4r1b.netlify.app. (2024).
Original: https://n4r1b.netlify.app/posts/2019/11/understanding-wdboot-windows-defender-elam
Archived: https://archive.ph/2024.10.27-165818/https://n4r1b.netlify.app/posts/2019/11/understanding-wdboot-windows-defender-elam/
Control the health of Windows devices. Microsoft Learn. learn.microsoft.com. (2024).
Original: https://learn.microsoft.com/en-us/windows/security/operating-system-security/system-security/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices
Archived: https://archive.ph/2024.10.27-170051/https://learn.microsoft.com/en-us/windows/security/operating-system-security/system-security/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices
What is wdboot.sys from Microsoft Corporation? (id:15452761). systemexplorer.net. (2024).
Original: https://systemexplorer.net/file-database/file/wdboot-sys/15452761
Archived: https://archive.ph/2024.10.27-165826/https://systemexplorer.net/file-database/file/wdboot-sys/15452761
Early Launch Antimalware (ELAM) and Microsoft Defender Antivirus - Microsoft Defender for Endpoint. Microsoft Learn. learn.microsoft.com. (2024).
Original: https://learn.microsoft.com/en-us/defender-endpoint/elam-on-mdav
Archived: https://archive.ph/2024.10.27-165922/https://learn.microsoft.com/en-us/defender-endpoint/elam-on-mdav
Troubleshoot Microsoft Defender for Endpoint onboarding issues - Microsoft Defender for Endpoint. Microsoft Learn. learn.microsoft.com. (2024).
Original: https://learn.microsoft.com/en-us/defender-endpoint/troubleshoot-onboarding
Archived: https://web.archive.org/web/20240717094647/https://learn.microsoft.com/en-us/defender-endpoint/troubleshoot-onboarding
Troubleshoot Microsoft Defender Antivirus while migrating from a non-Microsoft solution - Microsoft Defender for Endpoint. Microsoft Learn. learn.microsoft.com. (2024).
Original: https://learn.microsoft.com/en-us/defender-endpoint/troubleshoot-microsoft-defender-antivirus-when-migrating
Archived: https://archive.ph/2024.10.27-165840/https://learn.microsoft.com/en-us/defender-endpoint/troubleshoot-microsoft-defender-antivirus-when-migrating
ELAM Driver. Microsoft Learn. learn.microsoft.com. (2024).
Original: https://learn.microsoft.com/en-us/archive/blogs/dubaisec/elam-driver
Archived: https://archive.ph/2024.10.27-165901/https://learn.microsoft.com/en-us/archive/blogs/dubaisec/elam-driver
Living Off the Walled Garden: Abusing the Features of the Early Launch Antimalware Ecosystem. Matt Graeber. PowerPoint Presentation. i.blackhat.com. (2024).
Original: https://i.blackhat.com/USA-22/Thursday/US-22-Graeber-Living-Off-the-Walled-Garden.pdf
Archived: https://web.archive.org/web/20241202100509/https://i.blackhat.com/USA-22/Thursday/US-22-Graeber-Living-Off-the-Walled-Garden.pdf
Overview of Early Launch AntiMalware - Windows drivers. Microsoft Learn. learn.microsoft.com. (2024).
Original: https://learn.microsoft.com/en-us/windows-hardware/drivers/install/early-launch-antimalware
Archived: https://archive.ph/2024.10.27-165810/https://learn.microsoft.com/en-us/windows-hardware/drivers/install/early-launch-antimalware
Why Is Windows Defender Running Alongside my Antivirus Program? » Winhelponline. www.winhelponline.com. (2024).
Original: https://www.winhelponline.com/blog/windows-defender-running-alongside-antivirus-program-limited-periodic-scanning
Archived: https://archive.ph/2024.10.27-165901/https://www.winhelponline.com/blog/windows-defender-running-alongside-antivirus-program-limited-periodic-scanning/
ELAM: The Windows Defender ELAM Driver. hal.science. (2023).
Original: https://hal.science/hal-03088315/document
Archived: https://web.archive.org/web/20230731224608/https://hal.science/hal-03088315/document
WDBoot.sys BSOD - SmartDeploy Enterprise - DeployCentral. www.deploycentral.com. (2024).
Original: https://www.deploycentral.com/topic/1131-wdbootsys-bsod
Archived: https://archive.ph/2024.10.27-165906/https://www.deploycentral.com/topic/1131-wdbootsys-bsod/
Help repairing an unbootable Windows 10 system - wdboot.sys missing. groups.google.com. (2024).
Original: https://groups.google.com/g/uk.comp.homebuilt/c/wC8YeAgPKAg
Archived: https://archive.ph/2024.10.27-165908/https://groups.google.com/g/uk.comp.homebuilt/c/wC8YeAgPKAg
nickel-x64/WinSxS/Manifests/amd64_windows-defender-drivers_31bf3856ad364e35_10.0.22621.1_none_5262daf3e8f76071.manifest at b3f8c9549e49f2a92b401b3809b210d5f78190ba · privacysexy-forks/nickel-x64. github.com. (2024).
Original: https://github.com/privacysexy-forks/nickel-x64/blob/b3f8c9549e49f2a92b401b3809b210d5f78190ba/WinSxS/Manifests/amd64_windows-defender-drivers_31bf3856ad364e35_10.0.22621.1_none_5262daf3e8f76071.manifest
Archived: https://archive.ph/2024.10.27-164219/https://github.com/privacysexy-forks/nickel-x64/blob/b3f8c9549e49f2a92b401b3809b210d5f78190ba/WinSxS/Manifests/amd64_windows-defender-drivers_31bf3856ad364e35_10.0.22621.1_none_5262daf3e8f76071.manifest
Examples of an Azure TPM Attestation policy. Microsoft Learn. learn.microsoft.com. (2024).
Original: https://learn.microsoft.com/en-us/azure/attestation/tpm-attestation-sample-policies
Archived: https://archive.ph/2024.10.27-165848/https://learn.microsoft.com/en-us/azure/attestation/tpm-attestation-sample-policies

Apply Now

Choose one of three ways to apply:

Download script

Download and run the script directly

No app needed
Offline usage
Easy-to-apply
Free
Open-source

Apply protection

Undo protection

Help

How to apply or restore "Disable Defender Antivirus boot driver" using script

≈ 2 min to complete
Tools: Web Browser
Difficulty: Simple
≈ 5 instructions

1
Download
Download the script file by clicking on the Apply protection button above.
Use Undo protection button above to restore changes.
2
Keep the file
If warned by your browser, keep the file.
3
Open
Open the downloaded file.
4
Exit
Once it's done, press any key to exit the window.
5
Restart
Restart your computer for all changes to take effect.

Apply with privacy.sexy

Guided, automated application with safety checks

Recommended for most users
Includes safety checks
Free
Open-source
Popular
Offline/Online usage

Open privacy.sexy

Help

How to apply or restore "Disable Defender Antivirus boot driver" using privacy.sexy

≈ 3 min to complete
Tools: privacy.sexy
Difficulty: Simple
≈ 4 instructions

privacy.sexy is free and open-source application that lets securely apply this action easily with more advanced options.

1
Open or download
Open or download the desktop application
2
Choose script
1. Search for the script name: Disable Defender Antivirus boot driver
2. Check the script by clicking on the checkbox.
3
Run
Click on ▶️ Run button at the bottom of the page.
This button only appears on desktop version (recommended). On browser, use 💾 Save button.

Run commands

Copy and run commands manually Requires technical knowledge

Apply
Revert

Apply changes
:: Disable the service `WdBoot` using TrustedInstaller privileges
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$serviceQuery = ''WdBoot'''+"^""`r`n"^""+'$stopWithDependencies= $false'+"^""`r`n"^""+'<# -- 1. Skip if service does not exist #>'+"^""`r`n"^""+'$service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue'+"^""`r`n"^""+'if(!$service) {'+"^""`r`n"^""+'    Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$serviceName = $service.Name'+"^""`r`n"^""+'Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'<# -- 2. Stop if running #>'+"^""`r`n"^""+'if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'        $stopParams = @{ `'+"^""`r`n"^""+'            Name = $ServiceName'+"^""`r`n"^""+'            Force = $true'+"^""`r`n"^""+'            ErrorAction = ''Stop'''+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        if (-not $stopWithDependencies) {'+"^""`r`n"^""+'            $stopParams[''NoWait''] = $true'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Stop-Service @stopParams'+"^""`r`n"^""+'        Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        if ($_.FullyQualifiedErrorId -eq ''CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand'') {'+"^""`r`n"^""+'            Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""'+"^""`r`n"^""+'        } else {'+"^""`r`n"^""+'            Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 3. Skip if service info is not found in registry #>'+"^""`r`n"^""+'$registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""'+"^""`r`n"^""+'if (-Not (Test-Path $registryKey)) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 4. Skip if already disabled #>'+"^""`r`n"^""+'if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 5. Disable service #>'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Set-ItemProperty `'+"^""`r`n"^""+'        -LiteralPath $registryKey `'+"^""`r`n"^""+'        -Name "^""Start"^"" `'+"^""`r`n"^""+'        -Value 4 `'+"^""`r`n"^""+'        -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host ''Successfully disabled the service. It will not start automatically on next boot.'''+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'    Exit 1'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\drivers\WdBoot.sys" with additional permissions 
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\drivers\WdBoot.sys"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Soft delete files matching pattern: "%SYSTEMROOT%\ELAMBKUP\WdBoot.sys" with additional permissions 
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\ELAMBKUP\WdBoot.sys"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
:: Delete the registry value "BackupPath" from the key "HKLM\SYSTEM\CurrentControlSet\Control\EarlyLaunch" 
PowerShell -ExecutionPolicy Unrestricted -Command "$keyName = 'HKLM\SYSTEM\CurrentControlSet\Control\EarlyLaunch'; $valueName = 'BackupPath'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\Config\elam"  
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\Config\elam"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }"

Restore changes

Ijo6IFJlc3RvcmUgdGhlIHNlcnZpY2UgYFdkQm9vdGAgdXNpbmcgVHJ1c3RlZEluc3RhbGxlciBwcml2aWxlZ2VzXG5Qb3dlclNoZWxsIC1FeGVjdXRpb25Qb2xpY3kgVW5yZXN0cmljdGVkIC1Db21tYW5kIFwiZnVuY3Rpb24gSW52b2tlLUFzVHJ1c3RlZEluc3RhbGxlcigkU2NyaXB0KSB7ICRwcmluY2lwYWxTaWQgPSBbU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXJdOjpuZXcoJ1MtMS01LTgwLTk1NjAwODg4NS0zNDE4NTIyNjQ5LTE4MzEwMzgwNDQtMTg1MzI5MjYzMS0yMjcxNDc4NDY0Jyk7ICRwcmluY2lwYWxOYW1lID0gJHByaW5jaXBhbFNpZC5UcmFuc2xhdGUoW1N5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuTlRBY2NvdW50XSk7ICRzdHJlYW1GaWxlID0gTmV3LVRlbXBvcmFyeUZpbGU7ICRzY3JpcHRGaWxlID0gTmV3LVRlbXBvcmFyeUZpbGU7IHRyeSB7ICRzY3JpcHRGaWxlID0gUmVuYW1lLUl0ZW0gLUxpdGVyYWxQYXRoICRzY3JpcHRGaWxlIC1OZXdOYW1lICgkc2NyaXB0RmlsZS5CYXNlTmFtZSArICcucHMxJykgLUZvcmNlIC1QYXNzVGhydTsgJFNjcmlwdCB8IE91dC1GaWxlICRzY3JpcHRGaWxlIC1FbmNvZGluZyBVVEY4OyAkdGFza05hbWUgPSBcIl5cIlwicHJpdmFjeSQoW2NoYXJdMHgwMDJFKXNleHkgaW52b2tlXCJeXCJcIjsgc2NodGFza3MuZXhlIC9kZWxldGUgL3RuICR0YXNrTmFtZSAvZiAyPiYxIHwgT3V0LU51bGw7ICRleGVjdXRpb25Db21tYW5kID0gXCJeXCJcInBvd2Vyc2hlbGwuZXhlIC1FeGVjdXRpb25Qb2xpY3kgQnlwYXNzIC1GaWxlICckc2NyaXB0RmlsZScgKj4mMSB8IE91dC1GaWxlIC1GaWxlUGF0aCAnJHN0cmVhbUZpbGUnIC1FbmNvZGluZyBVVEY4XCJeXCJcIjsgJGFjdGlvbiA9IE5ldy1TY2hlZHVsZWRUYXNrQWN0aW9uIC1FeGVjdXRlICdwb3dlcnNoZWxsLmV4ZScgLUFyZ3VtZW50IFwiXlwiXCItRXhlY3V0aW9uUG9saWN5IEJ5cGFzcyAtQ29tbWFuZCBgXCJeXCJcIiRleGVjdXRpb25Db21tYW5kYFwiXlwiXCJcIl5cIlwiOyAkc2V0dGluZ3MgPSBOZXctU2NoZWR1bGVkVGFza1NldHRpbmdzU2V0IC1BbGxvd1N0YXJ0SWZPbkJhdHRlcmllcyAtRG9udFN0b3BJZkdvaW5nT25CYXR0ZXJpZXM7IFJlZ2lzdGVyLVNjaGVkdWxlZFRhc2sgLVRhc2tOYW1lICR0YXNrTmFtZSAtQWN0aW9uICRhY3Rpb24gLVNldHRpbmdzICRzZXR0aW5ncyAtRm9yY2UgLUVycm9yQWN0aW9uIFN0b3AgfCBPdXQtTnVsbDsgdHJ5IHsgKCRzY2hlZHVsZVNlcnZpY2UgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2NoZWR1bGUuU2VydmljZSkuQ29ubmVjdCgpOyAkc2NoZWR1bGVTZXJ2aWNlLkdldEZvbGRlcignXFwnKS5HZXRUYXNrKCR0YXNrTmFtZSkuUnVuRXgoJG51bGwsIDAsIDAsICRwcmluY2lwYWxOYW1lKSB8IE91dC1OdWxsOyAkdGltZW91dCA9IChHZXQtRGF0ZSkuQWRkTWludXRlcyg1KTsgV3JpdGUtSG9zdCBcIl5cIlwiUnVubmluZyBhcyAkcHJpbmNpcGFsTmFtZVwiXlwiXCI7IHdoaWxlICgoR2V0LVNjaGVkdWxlZFRhc2tJbmZvICR0YXNrTmFtZSkuTGFzdFRhc2tSZXN1bHQgLWVxIDI2NzAwOSkgeyBTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDIwMDsgaWYgKChHZXQtRGF0ZSkgLWd0ICR0aW1lb3V0KSB7IFdyaXRlLVdhcm5pbmcgJ1NraXBwaW5nOiBUaW1lb3V0JzsgYnJlYWs7IH07IH07IGlmICgoJHJlc3VsdCA9IChHZXQtU2NoZWR1bGVkVGFza0luZm8gJHRhc2tOYW1lKS5MYXN0VGFza1Jlc3VsdCkgLW5lIDApIHsgV3JpdGUtRXJyb3IgXCJeXCJcIkZhaWxlZCwgZHVlIHRvIGV4aXQgY29kZTogJHJlc3VsdC5cIl5cIlwiOyB9IH0gZmluYWxseSB7IHNjaHRhc2tzLmV4ZSAvZGVsZXRlIC90biAkdGFza05hbWUgL2YgfCBPdXQtTnVsbDsgfTsgR2V0LUNvbnRlbnQgJHN0cmVhbUZpbGUgfSBmaW5hbGx5IHsgUmVtb3ZlLUl0ZW0gJHN0cmVhbUZpbGUsICRzY3JpcHRGaWxlOyB9OyB9OyAkY21kID0gJyRzZXJ2aWNlUXVlcnkgPSAnJ1dkQm9vdCcnJytcIl5cIlwiYHJgblwiXlwiXCIrJyRkZWZhdWx0U3RhcnR1cE1vZGUgPSAnJ0Jvb3QnJycrXCJeXCJcImByYG5cIl5cIlwiKyc8IyAtLSAxLiBTa2lwIGlmIHNlcnZpY2UgZG9lcyBub3QgZXhpc3QgIz4nK1wiXlwiXCJgcmBuXCJeXCJcIisnJHNlcnZpY2UgPSBHZXQtU2VydmljZSAtTmFtZSAkc2VydmljZVF1ZXJ5IC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlJytcIl5cIlwiYHJgblwiXlwiXCIrJ2lmICghJHNlcnZpY2UpIHsnK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIFdyaXRlLVdhcm5pbmcgXCJeXCJcIlNlcnZpY2UgcXVlcnkgYFwiXlwiXCIkc2VydmljZVF1ZXJ5YFwiXlwiXCIgZGlkIG5vdCB5aWVsZCBhbmQgcmVzdWx0cy4gUmV2ZXJ0IGNhbm5vdCBwcm9jZWVkLlwiXlwiXCInK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIEV4aXQgMScrXCJeXCJcImByYG5cIl5cIlwiKyd9JytcIl5cIlwiYHJgblwiXlwiXCIrJyRzZXJ2aWNlTmFtZSA9ICRzZXJ2aWNlLk5hbWUnK1wiXlwiXCJgcmBuXCJeXCJcIisnV3JpdGUtSG9zdCBcIl5cIlwiUmVzdG9yaW5nIHJlZ2lzdHJ5IHNldHRpbmdzIGZvciBzZXJ2aWNlIGBcIl5cIlwiJHNlcnZpY2VOYW1lYFwiXlwiXCIgdG8gZGVmYXVsdCBzdGFydHVwIG1vZGUgYFwiXlwiXCIkZGVmYXVsdFN0YXJ0dXBNb2RlYFwiXlwiXCIuXCJeXCJcIicrXCJeXCJcImByYG5cIl5cIlwiKyc8IyAtLSAyLiBTa2lwIGlmIHNlcnZpY2UgaW5mbyBpcyBub3QgZm91bmQgaW4gcmVnaXN0cnkgIz4nK1wiXlwiXCJgcmBuXCJeXCJcIisnJHJlZ2lzdHJ5S2V5ID0gXCJeXCJcIkhLTE06XFxTWVNURU1cXEN1cnJlbnRDb250cm9sU2V0XFxTZXJ2aWNlc1xcJHNlcnZpY2VOYW1lXCJeXCJcIicrXCJeXCJcImByYG5cIl5cIlwiKydpZiAoLU5vdCAoVGVzdC1QYXRoICRyZWdpc3RyeUtleSkpIHsnK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIFdyaXRlLVdhcm5pbmcgXCJeXCJcImBcIl5cIlwiJHJlZ2lzdHJ5S2V5YFwiXlwiXCIgaXMgbm90IGZvdW5kIGluIHJlZ2lzdHJ5LiBSZXZlcnQgY2Fubm90IHByb2NlZWQuXCJeXCJcIicrXCJeXCJcImByYG5cIl5cIlwiKycgICAgRXhpdCAxJytcIl5cIlwiYHJgblwiXlwiXCIrJ30nK1wiXlwiXCJgcmBuXCJeXCJcIisnPCMgLS0gMy4gRW5hYmxlIGlmIG5vdCBhbHJlYWR5IGVuYWJsZWQgIz4nK1wiXlwiXCJgcmBuXCJeXCJcIisnJGRlZmF1bHRTdGFydHVwUmVnVmFsdWUgPSBzd2l0Y2ggKCRkZWZhdWx0U3RhcnR1cE1vZGUpIHsnK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgICcnQm9vdCcnICAgICAgeyAwIH0nK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgICcnU3lzdGVtJycgICAgeyAxIH0nK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgICcnQXV0b21hdGljJycgeyAyIH0nK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgICcnTWFudWFsJycgICAgeyAzIH0nK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgICcnRGlzYWJsZWQnJyAgeyA0IH0nK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIGRlZmF1bHQgeycrXCJeXCJcImByYG5cIl5cIlwiKycgICAgICAgIFdyaXRlLUVycm9yIFwiXlwiXCJFcnJvcjogVW5rbm93biBzdGFydHVwIG1vZGUgc3BlY2lmaWVkOiBgXCJeXCJcIiRkZWZhdWx0U3RhcnR1cE1vZGVgXCJeXCJcIi4gUmV2ZXJ0IGNhbm5vdCBwcm9jZWVkLlwiXlwiXCInK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgICAgICByZXR1cm4nK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIH0nK1wiXlwiXCJgcmBuXCJeXCJcIisnfScrXCJeXCJcImByYG5cIl5cIlwiKydpZiAoJChHZXQtSXRlbVByb3BlcnR5IC1QYXRoIFwiXlwiXCIkcmVnaXN0cnlLZXlcIl5cIlwiKS5TdGFydCAtZXEgJGRlZmF1bHRTdGFydHVwUmVnVmFsdWUpIHsnK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIFdyaXRlLUhvc3QgXCJeXCJcImBcIl5cIlwiJHNlcnZpY2VOYW1lYFwiXlwiXCIgaXMgaGFzIGFscmVhZHkgZGVmYXVsdCBzdGFydHVwIG1vZGU6IGBcIl5cIlwiJGRlZmF1bHRTdGFydHVwTW9kZWBcIl5cIlwiLlwiXlwiXCInK1wiXlwiXCJgcmBuXCJeXCJcIisnfSBlbHNlIHsnK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIHRyeSB7JytcIl5cIlwiYHJgblwiXlwiXCIrJyAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAkcmVnaXN0cnlLZXkgLU5hbWUgU3RhcnQgLVZhbHVlICRkZWZhdWx0U3RhcnR1cFJlZ1ZhbHVlIC1Gb3JjZScrXCJeXCJcImByYG5cIl5cIlwiKycgICAgICAgIFdyaXRlLUhvc3QgXCJeXCJcIlN1Y2Nlc3NmdWxseSByZXN0b3JlZCBgXCJeXCJcIiRzZXJ2aWNlTmFtZWBcIl5cIlwiIHdpdGggYFwiXlwiXCIkZGVmYXVsdFN0YXJ0dXBNb2RlYFwiXlwiXCIgc3RhcnQsIHRoaXMgbWF5IHJlcXVpcmUgcmVzdGFydGluZyB5b3VyIGNvbXB1dGVyLlwiXlwiXCInK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIH0gY2F0Y2ggeycrXCJeXCJcImByYG5cIl5cIlwiKycgICAgICAgIFdyaXRlLUVycm9yIFwiXlwiXCJDb3VsZCBub3QgZW5hYmxlIGBcIl5cIlwiJHNlcnZpY2VOYW1lYFwiXlwiXCI6ICRfXCJeXCJcIicrXCJeXCJcImByYG5cIl5cIlwiKycgICAgICAgIEV4aXQgMScrXCJeXCJcImByYG5cIl5cIlwiKycgICAgfScrXCJeXCJcImByYG5cIl5cIlwiKyd9JytcIl5cIlwiYHJgblwiXlwiXCIrJzwjIC0tIDQuIFN0YXJ0IGlmIG5vdCBydW5uaW5nIChtdXN0IGJlIGVuYWJsZWQgZmlyc3QpICM+JytcIl5cIlwiYHJgblwiXlwiXCIrJ2lmICgkZGVmYXVsdFN0YXJ0dXBNb2RlIC1lcSAnJ0F1dG9tYXRpYycnIC1vciAkZGVmYXVsdFN0YXJ0dXBNb2RlIC1lcSAnJ0Jvb3QnJyAtb3IgJGRlZmF1bHRTdGFydHVwTW9kZSAtZXEgJydTeXN0ZW0nJykgeycrXCJeXCJcImByYG5cIl5cIlwiKycgICAgaWYgKCRzZXJ2aWNlLlN0YXR1cyAtbmUgW1N5c3RlbS5TZXJ2aWNlUHJvY2Vzcy5TZXJ2aWNlQ29udHJvbGxlclN0YXR1c106OlJ1bm5pbmcpIHsnK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgICAgICBXcml0ZS1Ib3N0IFwiXlwiXCJgXCJeXCJcIiRzZXJ2aWNlTmFtZWBcIl5cIlwiIGlzIG5vdCBydW5uaW5nLCB0cnlpbmcgdG8gc3RhcnQgaXQuXCJeXCJcIicrXCJeXCJcImByYG5cIl5cIlwiKycgICAgICAgIHRyeSB7JytcIl5cIlwiYHJgblwiXlwiXCIrJyAgICAgICAgICAgIFN0YXJ0LVNlcnZpY2UgLU5hbWUgJHNlcnZpY2VOYW1lIC1FcnJvckFjdGlvbiBTdG9wJytcIl5cIlwiYHJgblwiXlwiXCIrJyAgICAgICAgICAgIFdyaXRlLUhvc3QgJydTZXJ2aWNlIHN0YXJ0ZWQgc3VjY2Vzc2Z1bGx5LicnJytcIl5cIlwiYHJgblwiXlwiXCIrJyAgICAgICAgfSBjYXRjaCB7JytcIl5cIlwiYHJgblwiXlwiXCIrJyAgICAgICAgICAgIFdyaXRlLVdhcm5pbmcgXCJeXCJcIkZhaWxlZCB0byByZXN0YXJ0IHNlcnZpY2UuIEl0IHdpbGwgYmUgc3RhcnRlZCBhZnRlciByZWJvb3QuIEVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKVwiXlwiXCInK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgICAgICB9JytcIl5cIlwiYHJgblwiXlwiXCIrJyAgICB9IGVsc2UgeycrXCJeXCJcImByYG5cIl5cIlwiKycgICAgICAgIFdyaXRlLUhvc3QgXCJeXCJcImBcIl5cIlwiJHNlcnZpY2VOYW1lYFwiXlwiXCIgaXMgYWxyZWFkeSBydW5uaW5nLCBubyBuZWVkIHRvIHN0YXJ0LlwiXlwiXCInK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIH0nK1wiXlwiXCJgcmBuXCJeXCJcIisnfSc7IEludm9rZS1Bc1RydXN0ZWRJbnN0YWxsZXIgJGNtZFwiXG46OiBSZXN0b3JlIGZpbGVzIG1hdGNoaW5nIHBhdHRlcm46IFwiJVNZU1RFTVJPT1QlXFxTeXN0ZW0zMlxcZHJpdmVyc1xcV2RCb290LnN5c1wiIHdpdGggYWRkaXRpb25hbCBwZXJtaXNzaW9ucyBcblBvd2VyU2hlbGwgLUV4ZWN1dGlvblBvbGljeSBVbnJlc3RyaWN0ZWQgLUNvbW1hbmQgXCIkcmV2ZXJ0ID0gJHRydWU7ICRwYXRoR2xvYlBhdHRlcm4gPSBcIl5cIlwiJVNZU1RFTVJPT1QlXFxTeXN0ZW0zMlxcZHJpdmVyc1xcV2RCb290LnN5cy5PTERcIl5cIlwiOyAkZXhwYW5kZWRQYXRoID0gW1N5c3RlbS5FbnZpcm9ubWVudF06OkV4cGFuZEVudmlyb25tZW50VmFyaWFibGVzKCRwYXRoR2xvYlBhdHRlcm4pOyBXcml0ZS1Ib3N0IFwiXlwiXCJTZWFyY2hpbmcgZm9yIGl0ZW1zIG1hdGNoaW5nIHBhdHRlcm46IGBcIl5cIlwiJCgkZXhwYW5kZWRQYXRoKWBcIl5cIlwiLlwiXlwiXCI7ICRyZW5hbWVkQ291bnQgICA9IDA7ICRza2lwcGVkQ291bnQgICA9IDA7ICRmYWlsZWRDb3VudCAgICA9IDA7IEFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiBcIl5cIlwidXNpbmcgU3lzdGVtO2ByYG51c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7YHJgbnB1YmxpYyBjbGFzcyBQcml2aWxlZ2VzIHtgcmBuICAgIFtEbGxJbXBvcnQoYFwiXlwiXCJhZHZhcGkzMi5kbGxgXCJeXCJcIiwgRXhhY3RTcGVsbGluZyA9IHRydWUsIFNldExhc3RFcnJvciA9IHRydWUpXWByYG4gICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcyhJbnRQdHIgaHRvaywgYm9vbCBkaXNhbGwsYHJgbiAgICAgICAgcmVmIFRva1ByaXYxTHVpZCBuZXdzdCwgaW50IGxlbiwgSW50UHRyIHByZXYsIEludFB0ciByZWxlbik7YHJgbiAgICBbRGxsSW1wb3J0KGBcIl5cIlwiYWR2YXBpMzIuZGxsYFwiXlwiXCIsIEV4YWN0U3BlbGxpbmcgPSB0cnVlLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV1gcmBuICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKEludFB0ciBoLCBpbnQgYWNjLCByZWYgSW50UHRyIHBodG9rKTtgcmBuICAgIFtEbGxJbXBvcnQoYFwiXlwiXCJhZHZhcGkzMi5kbGxgXCJeXCJcIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldYHJgbiAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgTG9va3VwUHJpdmlsZWdlVmFsdWUoc3RyaW5nIGhvc3QsIHN0cmluZyBuYW1lLCByZWYgbG9uZyBwbHVpZCk7YHJgbiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgUGFjayA9IDEpXWByYG4gICAgaW50ZXJuYWwgc3RydWN0IFRva1ByaXYxTHVpZCB7YHJgbiAgICAgICAgcHVibGljIGludCBDb3VudDtgcmBuICAgICAgICBwdWJsaWMgbG9uZyBMdWlkO2ByYG4gICAgICAgIHB1YmxpYyBpbnQgQXR0cjtgcmBuICAgIH1gcmBuICAgIGludGVybmFsIGNvbnN0IGludCBTRV9QUklWSUxFR0VfRU5BQkxFRCA9IDB4MDAwMDAwMDI7YHJgbiAgICBpbnRlcm5hbCBjb25zdCBpbnQgVE9LRU5fUVVFUlkgPSAweDAwMDAwMDA4O2ByYG4gICAgaW50ZXJuYWwgY29uc3QgaW50IFRPS0VOX0FESlVTVF9QUklWSUxFR0VTID0gMHgwMDAwMDAyMDtgcmBuICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBBZGRQcml2aWxlZ2Uoc3RyaW5nIHByaXZpbGVnZSkge2ByYG4gICAgICAgIHRyeSB7YHJgbiAgICAgICAgICAgIGJvb2wgcmV0VmFsO2ByYG4gICAgICAgICAgICBUb2tQcml2MUx1aWQgdHA7YHJgbiAgICAgICAgICAgIEludFB0ciBocHJvYyA9IEdldEN1cnJlbnRQcm9jZXNzKCk7YHJgbiAgICAgICAgICAgIEludFB0ciBodG9rID0gSW50UHRyLlplcm87YHJgbiAgICAgICAgICAgIHJldFZhbCA9IE9wZW5Qcm9jZXNzVG9rZW4oaHByb2MsIFRPS0VOX0FESlVTVF9QUklWSUxFR0VTIHwgVE9LRU5fUVVFUlksIHJlZiBodG9rKTtgcmBuICAgICAgICAgICAgdHAuQ291bnQgPSAxO2ByYG4gICAgICAgICAgICB0cC5MdWlkID0gMDtgcmBuICAgICAgICAgICAgdHAuQXR0ciA9IFNFX1BSSVZJTEVHRV9FTkFCTEVEO2ByYG4gICAgICAgICAgICByZXRWYWwgPSBMb29rdXBQcml2aWxlZ2VWYWx1ZShudWxsLCBwcml2aWxlZ2UsIHJlZiB0cC5MdWlkKTtgcmBuICAgICAgICAgICAgcmV0VmFsID0gQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGh0b2ssIGZhbHNlLCByZWYgdHAsIDAsIEludFB0ci5aZXJvLCBJbnRQdHIuWmVybyk7YHJgbiAgICAgICAgICAgIHJldHVybiByZXRWYWw7YHJgbiAgICAgICAgfSBjYXRjaCAoRXhjZXB0aW9uIGV4KSB7YHJgbiAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oYFwiXlwiXCJGYWlsZWQgdG8gYWRqdXN0IHRva2VuIHByaXZpbGVnZXNgXCJeXCJcIiwgZXgpO2ByYG4gICAgICAgIH1gcmBuICAgIH1gcmBuICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBSZW1vdmVQcml2aWxlZ2Uoc3RyaW5nIHByaXZpbGVnZSkge2ByYG4gICAgICAgIHRyeSB7YHJgbiAgICAgICAgICAgIGJvb2wgcmV0VmFsO2ByYG4gICAgICAgICAgICBUb2tQcml2MUx1aWQgdHA7YHJgbiAgICAgICAgICAgIEludFB0ciBocHJvYyA9IEdldEN1cnJlbnRQcm9jZXNzKCk7YHJgbiAgICAgICAgICAgIEludFB0ciBodG9rID0gSW50UHRyLlplcm87YHJgbiAgICAgICAgICAgIHJldFZhbCA9IE9wZW5Qcm9jZXNzVG9rZW4oaHByb2MsIFRPS0VOX0FESlVTVF9QUklWSUxFR0VTIHwgVE9LRU5fUVVFUlksIHJlZiBodG9rKTtgcmBuICAgICAgICAgICAgdHAuQ291bnQgPSAxO2ByYG4gICAgICAgICAgICB0cC5MdWlkID0gMDtgcmBuICAgICAgICAgICAgdHAuQXR0ciA9IDA7ICAvLyBUaGlzIGxpbmUgaXMgY2hhbmdlZCB0byByZXZva2UgdGhlIHByaXZpbGVnZWByYG4gICAgICAgICAgICByZXRWYWwgPSBMb29rdXBQcml2aWxlZ2VWYWx1ZShudWxsLCBwcml2aWxlZ2UsIHJlZiB0cC5MdWlkKTtgcmBuICAgICAgICAgICAgcmV0VmFsID0gQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGh0b2ssIGZhbHNlLCByZWYgdHAsIDAsIEludFB0ci5aZXJvLCBJbnRQdHIuWmVybyk7YHJgbiAgICAgICAgICAgIHJldHVybiByZXRWYWw7YHJgbiAgICAgICAgfSBjYXRjaCAoRXhjZXB0aW9uIGV4KSB7YHJgbiAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oYFwiXlwiXCJGYWlsZWQgdG8gYWRqdXN0IHRva2VuIHByaXZpbGVnZXNgXCJeXCJcIiwgZXgpO2ByYG4gICAgICAgIH1gcmBuICAgIH1gcmBuICAgIFtEbGxJbXBvcnQoYFwiXlwiXCJrZXJuZWwzMi5kbGxgXCJeXCJcIiwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldYHJgbiAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgR2V0Q3VycmVudFByb2Nlc3MoKTtgcmBufVwiXlwiXCI7IFtQcml2aWxlZ2VzXTo6QWRkUHJpdmlsZWdlKCdTZVJlc3RvcmVQcml2aWxlZ2UnKSB8IE91dC1OdWxsOyBbUHJpdmlsZWdlc106OkFkZFByaXZpbGVnZSgnU2VUYWtlT3duZXJzaGlwUHJpdmlsZWdlJykgfCBPdXQtTnVsbDsgJGFkbWluU2lkID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLlNlY3VyaXR5SWRlbnRpZmllciAnUy0xLTUtMzItNTQ0JzsgJGFkbWluQWNjb3VudCA9ICRhZG1pblNpZC5UcmFuc2xhdGUoW1N5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuTlRBY2NvdW50XSk7ICRhZG1pbkZ1bGxDb250cm9sQWNjZXNzUnVsZSA9IE5ldy1PYmplY3QgU3lzdGVtLlNlY3VyaXR5LkFjY2Vzc0NvbnRyb2wuRmlsZVN5c3RlbUFjY2Vzc1J1bGUoICRhZG1pbkFjY291bnQsIFtTeXN0ZW0uU2VjdXJpdHkuQWNjZXNzQ29udHJvbC5GaWxlU3lzdGVtUmlnaHRzXTo6RnVsbENvbnRyb2wsIFtTeXN0ZW0uU2VjdXJpdHkuQWNjZXNzQ29udHJvbC5BY2Nlc3NDb250cm9sVHlwZV06OkFsbG93ICk7ICRmb3VuZEFic29sdXRlUGF0aHMgPSBAKCk7IHRyeSB7ICRmb3VuZEFic29sdXRlUGF0aHMgKz0gQCg7IEdldC1JdGVtIC1QYXRoICRleHBhbmRlZFBhdGggLUVycm9yQWN0aW9uIFN0b3AgfCBTZWxlY3QtT2JqZWN0IC1FeHBhbmRQcm9wZXJ0eSBGdWxsTmFtZTsgKTsgfSBjYXRjaCBbU3lzdGVtLk1hbmFnZW1lbnQuQXV0b21hdGlvbi5JdGVtTm90Rm91bmRFeGNlcHRpb25dIHsgPCMgU3dhbGxvdywgZG8gbm90IHJ1biBgVGVzdC1QYXRoYCBiZWZvcmUsIGl0J3MgdW5yZWxpYWJsZSBmb3IgZ2xvYnMgcmVxdWlyaW5nIGV4dHJhIHBlcm1pc3Npb25zICM+OyB9OyAkZm91bmRBYnNvbHV0ZVBhdGhzID0gJGZvdW5kQWJzb2x1dGVQYXRocyB8IFNlbGVjdC1PYmplY3QgLVVuaXF1ZSB8IFNvcnQtT2JqZWN0IC1Qcm9wZXJ0eSB7ICRfLkxlbmd0aCB9IC1EZXNjZW5kaW5nOyBpZiAoISRmb3VuZEFic29sdXRlUGF0aHMpIHsgV3JpdGUtSG9zdCAnU2tpcHBpbmcsIG5vIGl0ZW1zIGF2YWlsYWJsZS4nOyBleGl0IDA7IH07IFdyaXRlLUhvc3QgXCJeXCJcIkluaXRpYXRpbmcgcHJvY2Vzc2luZyBvZiAkKCRmb3VuZEFic29sdXRlUGF0aHMuQ291bnQpIGl0ZW1zIGZyb20gYFwiXlwiXCIkZXhwYW5kZWRQYXRoYFwiXlwiXCIuXCJeXCJcIjsgZm9yZWFjaCAoJHBhdGggaW4gJGZvdW5kQWJzb2x1dGVQYXRocykgeyBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIHsgV3JpdGUtSG9zdCBcIl5cIlwiU2tpcHBpbmcgZm9sZGVyIChub3QgaXRzIGNvbnRlbnRzKTogYFwiXlwiXCIkcGF0aGBcIl5cIlwiLlwiXlwiXCI7ICRza2lwcGVkQ291bnQrKzsgY29udGludWU7IH07IGlmKCRyZXZlcnQgLWVxICR0cnVlKSB7IGlmICgtbm90ICRwYXRoLkVuZHNXaXRoKCcuT0xEJykpIHsgV3JpdGUtSG9zdCBcIl5cIlwiU2tpcHBpbmcgbm9uLWJhY2t1cCBmaWxlOiBgXCJeXCJcIiRwYXRoYFwiXlwiXCIuXCJeXCJcIjsgJHNraXBwZWRDb3VudCsrOyBjb250aW51ZTsgfTsgfSBlbHNlIHsgaWYgKCRwYXRoLkVuZHNXaXRoKCcuT0xEJykpIHsgV3JpdGUtSG9zdCBcIl5cIlwiU2tpcHBpbmcgYmFja3VwIGZpbGU6IGBcIl5cIlwiJHBhdGhgXCJeXCJcIi5cIl5cIlwiOyAkc2tpcHBlZENvdW50Kys7IGNvbnRpbnVlOyB9OyB9OyAkb3JpZ2luYWxGaWxlUGF0aCA9ICRwYXRoOyBXcml0ZS1Ib3N0IFwiXlwiXCJQcm9jZXNzaW5nIGZpbGU6IGBcIl5cIlwiJG9yaWdpbmFsRmlsZVBhdGhgXCJeXCJcIi5cIl5cIlwiOyBpZiAoLU5vdCAoVGVzdC1QYXRoICRvcmlnaW5hbEZpbGVQYXRoKSkgeyBXcml0ZS1Ib3N0IFwiXlwiXCJTa2lwcGluZywgZmlsZSBgXCJeXCJcIiRvcmlnaW5hbEZpbGVQYXRoYFwiXlwiXCIgbm90IGZvdW5kLlwiXlwiXCI7ICRza2lwcGVkQ291bnQrKzsgZXhpdCAwOyB9OyAkb3JpZ2luYWxBY2wgPSBHZXQtQWNsIC1QYXRoIFwiXlwiXCIkb3JpZ2luYWxGaWxlUGF0aFwiXlwiXCI7ICRhY2Nlc3NHcmFudGVkID0gJGZhbHNlOyB0cnkgeyAkYWNsID0gR2V0LUFjbCAtUGF0aCBcIl5cIlwiJG9yaWdpbmFsRmlsZVBhdGhcIl5cIlwiOyAkYWNsLlNldE93bmVyKCRhZG1pbkFjY291bnQpIDwjIFRha2UgT3duZXJzaGlwIChiZWNhdXNlIGZpbGUgaXMgb3duZWQgYnkgVHJ1c3RlZEluc3RhbGxlcikgIz47ICRhY2wuQWRkQWNjZXNzUnVsZSgkYWRtaW5GdWxsQ29udHJvbEFjY2Vzc1J1bGUpIDwjIEdyYW50IHJpZ2h0cyB0byBiZSBhYmxlIHRvIG1vdmUgdGhlIGZpbGUgIz47IFNldC1BY2wgLVBhdGggJG9yaWdpbmFsRmlsZVBhdGggLUFjbE9iamVjdCAkYWNsIC1FcnJvckFjdGlvbiBTdG9wOyAkYWNjZXNzR3JhbnRlZCA9ICR0cnVlOyB9IGNhdGNoIHsgV3JpdGUtV2FybmluZyBcIl5cIlwiRmFpbGVkIHRvIGdyYW50IGFjY2VzcyB0byBgXCJeXCJcIiRvcmlnaW5hbEZpbGVQYXRoYFwiXlwiXCI6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpXCJeXCJcIjsgfTsgaWYgKCRyZXZlcnQgLWVxICR0cnVlKSB7ICRuZXdGaWxlUGF0aCA9ICRvcmlnaW5hbEZpbGVQYXRoLlN1YnN0cmluZygwLCAkb3JpZ2luYWxGaWxlUGF0aC5MZW5ndGggLSA0KTsgfSBlbHNlIHsgJG5ld0ZpbGVQYXRoID0gXCJeXCJcIiQoJG9yaWdpbmFsRmlsZVBhdGgpLk9MRFwiXlwiXCI7IH07IHRyeSB7IE1vdmUtSXRlbSAtTGl0ZXJhbFBhdGggXCJeXCJcIiQoJG9yaWdpbmFsRmlsZVBhdGgpXCJeXCJcIiAtRGVzdGluYXRpb24gXCJeXCJcIiRuZXdGaWxlUGF0aFwiXlwiXCIgLUZvcmNlIC1FcnJvckFjdGlvbiBTdG9wOyBXcml0ZS1Ib3N0IFwiXlwiXCJTdWNjZXNzZnVsbHkgcHJvY2Vzc2VkIGBcIl5cIlwiJG9yaWdpbmFsRmlsZVBhdGhgXCJeXCJcIi5cIl5cIlwiOyAkcmVuYW1lZENvdW50Kys7IGlmICgkYWNjZXNzR3JhbnRlZCkgeyB0cnkgeyBTZXQtQWNsIC1QYXRoICRuZXdGaWxlUGF0aCAtQWNsT2JqZWN0ICRvcmlnaW5hbEFjbCAtRXJyb3JBY3Rpb24gU3RvcDsgfSBjYXRjaCB7IFdyaXRlLVdhcm5pbmcgXCJeXCJcIkZhaWxlZCB0byByZXN0b3JlIGFjY2VzcyBvbiBgXCJeXCJcIiRuZXdGaWxlUGF0aGBcIl5cIlwiOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKVwiXlwiXCI7IH07IH07IH0gY2F0Y2ggeyBXcml0ZS1FcnJvciBcIl5cIlwiRmFpbGVkIHRvIHJlbmFtZSBgXCJeXCJcIiRvcmlnaW5hbEZpbGVQYXRoYFwiXlwiXCIgdG8gYFwiXlwiXCIkbmV3RmlsZVBhdGhgXCJeXCJcIjogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSlcIl5cIlwiOyAkZmFpbGVkQ291bnQrKzsgaWYgKCRhY2Nlc3NHcmFudGVkKSB7IHRyeSB7IFNldC1BY2wgLVBhdGggJG9yaWdpbmFsRmlsZVBhdGggLUFjbE9iamVjdCAkb3JpZ2luYWxBY2wgLUVycm9yQWN0aW9uIFN0b3A7IH0gY2F0Y2ggeyBXcml0ZS1XYXJuaW5nIFwiXlwiXCJGYWlsZWQgdG8gcmVzdG9yZSBhY2Nlc3Mgb24gYFwiXlwiXCIkb3JpZ2luYWxGaWxlUGF0aGBcIl5cIlwiOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKVwiXlwiXCI7IH07IH07IH07IH07IGlmICgoJHJlbmFtZWRDb3VudCAtZ3QgMCkgLW9yICgkc2tpcHBlZENvdW50IC1ndCAwKSkgeyBXcml0ZS1Ib3N0IFwiXlwiXCJTdWNjZXNzZnVsbHkgcHJvY2Vzc2VkICRyZW5hbWVkQ291bnQgaXRlbXMgYW5kIHNraXBwZWQgJHNraXBwZWRDb3VudCBpdGVtcy5cIl5cIlwiOyB9OyBpZiAoJGZhaWxlZENvdW50IC1ndCAwKSB7IFdyaXRlLVdhcm5pbmcgXCJeXCJcIkZhaWxlZCB0byBwcm9jZXNzICQoJGZhaWxlZENvdW50KSBpdGVtcy5cIl5cIlwiOyB9OyBbUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgnU2VSZXN0b3JlUHJpdmlsZWdlJykgfCBPdXQtTnVsbDsgW1ByaXZpbGVnZXNdOjpSZW1vdmVQcml2aWxlZ2UoJ1NlVGFrZU93bmVyc2hpcFByaXZpbGVnZScpIHwgT3V0LU51bGxcIlxuOjogUmVzdG9yZSBmaWxlcyBtYXRjaGluZyBwYXR0ZXJuOiBcIiVTWVNURU1ST09UJVxcRUxBTUJLVVBcXFdkQm9vdC5zeXNcIiB3aXRoIGFkZGl0aW9uYWwgcGVybWlzc2lvbnMgXG5Qb3dlclNoZWxsIC1FeGVjdXRpb25Qb2xpY3kgVW5yZXN0cmljdGVkIC1Db21tYW5kIFwiJHJldmVydCA9ICR0cnVlOyAkcGF0aEdsb2JQYXR0ZXJuID0gXCJeXCJcIiVTWVNURU1ST09UJVxcRUxBTUJLVVBcXFdkQm9vdC5zeXMuT0xEXCJeXCJcIjsgJGV4cGFuZGVkUGF0aCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcGF0aEdsb2JQYXR0ZXJuKTsgV3JpdGUtSG9zdCBcIl5cIlwiU2VhcmNoaW5nIGZvciBpdGVtcyBtYXRjaGluZyBwYXR0ZXJuOiBgXCJeXCJcIiQoJGV4cGFuZGVkUGF0aClgXCJeXCJcIi5cIl5cIlwiOyAkcmVuYW1lZENvdW50ICAgPSAwOyAkc2tpcHBlZENvdW50ICAgPSAwOyAkZmFpbGVkQ291bnQgICAgPSAwOyBBZGQtVHlwZSAtVHlwZURlZmluaXRpb24gXCJeXCJcInVzaW5nIFN5c3RlbTtgcmBudXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzO2ByYG5wdWJsaWMgY2xhc3MgUHJpdmlsZWdlcyB7YHJgbiAgICBbRGxsSW1wb3J0KGBcIl5cIlwiYWR2YXBpMzIuZGxsYFwiXlwiXCIsIEV4YWN0U3BlbGxpbmcgPSB0cnVlLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV1gcmBuICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBBZGp1c3RUb2tlblByaXZpbGVnZXMoSW50UHRyIGh0b2ssIGJvb2wgZGlzYWxsLGByYG4gICAgICAgIHJlZiBUb2tQcml2MUx1aWQgbmV3c3QsIGludCBsZW4sIEludFB0ciBwcmV2LCBJbnRQdHIgcmVsZW4pO2ByYG4gICAgW0RsbEltcG9ydChgXCJeXCJcImFkdmFwaTMyLmRsbGBcIl5cIlwiLCBFeGFjdFNwZWxsaW5nID0gdHJ1ZSwgU2V0TGFzdEVycm9yID0gdHJ1ZSldYHJgbiAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgT3BlblByb2Nlc3NUb2tlbihJbnRQdHIgaCwgaW50IGFjYywgcmVmIEludFB0ciBwaHRvayk7YHJgbiAgICBbRGxsSW1wb3J0KGBcIl5cIlwiYWR2YXBpMzIuZGxsYFwiXlwiXCIsIFNldExhc3RFcnJvciA9IHRydWUpXWByYG4gICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKHN0cmluZyBob3N0LCBzdHJpbmcgbmFtZSwgcmVmIGxvbmcgcGx1aWQpO2ByYG4gICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwsIFBhY2sgPSAxKV1gcmBuICAgIGludGVybmFsIHN0cnVjdCBUb2tQcml2MUx1aWQge2ByYG4gICAgICAgIHB1YmxpYyBpbnQgQ291bnQ7YHJgbiAgICAgICAgcHVibGljIGxvbmcgTHVpZDtgcmBuICAgICAgICBwdWJsaWMgaW50IEF0dHI7YHJgbiAgICB9YHJgbiAgICBpbnRlcm5hbCBjb25zdCBpbnQgU0VfUFJJVklMRUdFX0VOQUJMRUQgPSAweDAwMDAwMDAyO2ByYG4gICAgaW50ZXJuYWwgY29uc3QgaW50IFRPS0VOX1FVRVJZID0gMHgwMDAwMDAwODtgcmBuICAgIGludGVybmFsIGNvbnN0IGludCBUT0tFTl9BREpVU1RfUFJJVklMRUdFUyA9IDB4MDAwMDAwMjA7YHJgbiAgICBwdWJsaWMgc3RhdGljIGJvb2wgQWRkUHJpdmlsZWdlKHN0cmluZyBwcml2aWxlZ2UpIHtgcmBuICAgICAgICB0cnkge2ByYG4gICAgICAgICAgICBib29sIHJldFZhbDtgcmBuICAgICAgICAgICAgVG9rUHJpdjFMdWlkIHRwO2ByYG4gICAgICAgICAgICBJbnRQdHIgaHByb2MgPSBHZXRDdXJyZW50UHJvY2VzcygpO2ByYG4gICAgICAgICAgICBJbnRQdHIgaHRvayA9IEludFB0ci5aZXJvO2ByYG4gICAgICAgICAgICByZXRWYWwgPSBPcGVuUHJvY2Vzc1Rva2VuKGhwcm9jLCBUT0tFTl9BREpVU1RfUFJJVklMRUdFUyB8IFRPS0VOX1FVRVJZLCByZWYgaHRvayk7YHJgbiAgICAgICAgICAgIHRwLkNvdW50ID0gMTtgcmBuICAgICAgICAgICAgdHAuTHVpZCA9IDA7YHJgbiAgICAgICAgICAgIHRwLkF0dHIgPSBTRV9QUklWSUxFR0VfRU5BQkxFRDtgcmBuICAgICAgICAgICAgcmV0VmFsID0gTG9va3VwUHJpdmlsZWdlVmFsdWUobnVsbCwgcHJpdmlsZWdlLCByZWYgdHAuTHVpZCk7YHJgbiAgICAgICAgICAgIHJldFZhbCA9IEFkanVzdFRva2VuUHJpdmlsZWdlcyhodG9rLCBmYWxzZSwgcmVmIHRwLCAwLCBJbnRQdHIuWmVybywgSW50UHRyLlplcm8pO2ByYG4gICAgICAgICAgICByZXR1cm4gcmV0VmFsO2ByYG4gICAgICAgIH0gY2F0Y2ggKEV4Y2VwdGlvbiBleCkge2ByYG4gICAgICAgICAgICB0aHJvdyBuZXcgRXhjZXB0aW9uKGBcIl5cIlwiRmFpbGVkIHRvIGFkanVzdCB0b2tlbiBwcml2aWxlZ2VzYFwiXlwiXCIsIGV4KTtgcmBuICAgICAgICB9YHJgbiAgICB9YHJgbiAgICBwdWJsaWMgc3RhdGljIGJvb2wgUmVtb3ZlUHJpdmlsZWdlKHN0cmluZyBwcml2aWxlZ2UpIHtgcmBuICAgICAgICB0cnkge2ByYG4gICAgICAgICAgICBib29sIHJldFZhbDtgcmBuICAgICAgICAgICAgVG9rUHJpdjFMdWlkIHRwO2ByYG4gICAgICAgICAgICBJbnRQdHIgaHByb2MgPSBHZXRDdXJyZW50UHJvY2VzcygpO2ByYG4gICAgICAgICAgICBJbnRQdHIgaHRvayA9IEludFB0ci5aZXJvO2ByYG4gICAgICAgICAgICByZXRWYWwgPSBPcGVuUHJvY2Vzc1Rva2VuKGhwcm9jLCBUT0tFTl9BREpVU1RfUFJJVklMRUdFUyB8IFRPS0VOX1FVRVJZLCByZWYgaHRvayk7YHJgbiAgICAgICAgICAgIHRwLkNvdW50ID0gMTtgcmBuICAgICAgICAgICAgdHAuTHVpZCA9IDA7YHJgbiAgICAgICAgICAgIHRwLkF0dHIgPSAwOyAgLy8gVGhpcyBsaW5lIGlzIGNoYW5nZWQgdG8gcmV2b2tlIHRoZSBwcml2aWxlZ2VgcmBuICAgICAgICAgICAgcmV0VmFsID0gTG9va3VwUHJpdmlsZWdlVmFsdWUobnVsbCwgcHJpdmlsZWdlLCByZWYgdHAuTHVpZCk7YHJgbiAgICAgICAgICAgIHJldFZhbCA9IEFkanVzdFRva2VuUHJpdmlsZWdlcyhodG9rLCBmYWxzZSwgcmVmIHRwLCAwLCBJbnRQdHIuWmVybywgSW50UHRyLlplcm8pO2ByYG4gICAgICAgICAgICByZXR1cm4gcmV0VmFsO2ByYG4gICAgICAgIH0gY2F0Y2ggKEV4Y2VwdGlvbiBleCkge2ByYG4gICAgICAgICAgICB0aHJvdyBuZXcgRXhjZXB0aW9uKGBcIl5cIlwiRmFpbGVkIHRvIGFkanVzdCB0b2tlbiBwcml2aWxlZ2VzYFwiXlwiXCIsIGV4KTtgcmBuICAgICAgICB9YHJgbiAgICB9YHJgbiAgICBbRGxsSW1wb3J0KGBcIl5cIlwia2VybmVsMzIuZGxsYFwiXlwiXCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXWByYG4gICAgcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIEdldEN1cnJlbnRQcm9jZXNzKCk7YHJgbn1cIl5cIlwiOyBbUHJpdmlsZWdlc106OkFkZFByaXZpbGVnZSgnU2VSZXN0b3JlUHJpdmlsZWdlJykgfCBPdXQtTnVsbDsgW1ByaXZpbGVnZXNdOjpBZGRQcml2aWxlZ2UoJ1NlVGFrZU93bmVyc2hpcFByaXZpbGVnZScpIHwgT3V0LU51bGw7ICRhZG1pblNpZCA9IE5ldy1PYmplY3QgU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXIgJ1MtMS01LTMyLTU0NCc7ICRhZG1pbkFjY291bnQgPSAkYWRtaW5TaWQuVHJhbnNsYXRlKFtTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudF0pOyAkYWRtaW5GdWxsQ29udHJvbEFjY2Vzc1J1bGUgPSBOZXctT2JqZWN0IFN5c3RlbS5TZWN1cml0eS5BY2Nlc3NDb250cm9sLkZpbGVTeXN0ZW1BY2Nlc3NSdWxlKCAkYWRtaW5BY2NvdW50LCBbU3lzdGVtLlNlY3VyaXR5LkFjY2Vzc0NvbnRyb2wuRmlsZVN5c3RlbVJpZ2h0c106OkZ1bGxDb250cm9sLCBbU3lzdGVtLlNlY3VyaXR5LkFjY2Vzc0NvbnRyb2wuQWNjZXNzQ29udHJvbFR5cGVdOjpBbGxvdyApOyAkZm91bmRBYnNvbHV0ZVBhdGhzID0gQCgpOyB0cnkgeyAkZm91bmRBYnNvbHV0ZVBhdGhzICs9IEAoOyBHZXQtSXRlbSAtUGF0aCAkZXhwYW5kZWRQYXRoIC1FcnJvckFjdGlvbiBTdG9wIHwgU2VsZWN0LU9iamVjdCAtRXhwYW5kUHJvcGVydHkgRnVsbE5hbWU7ICk7IH0gY2F0Y2ggW1N5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uXSB7IDwjIFN3YWxsb3csIGRvIG5vdCBydW4gYFRlc3QtUGF0aGAgYmVmb3JlLCBpdCdzIHVucmVsaWFibGUgZm9yIGdsb2JzIHJlcXVpcmluZyBleHRyYSBwZXJtaXNzaW9ucyAjPjsgfTsgJGZvdW5kQWJzb2x1dGVQYXRocyA9ICRmb3VuZEFic29sdXRlUGF0aHMgfCBTZWxlY3QtT2JqZWN0IC1VbmlxdWUgfCBTb3J0LU9iamVjdCAtUHJvcGVydHkgeyAkXy5MZW5ndGggfSAtRGVzY2VuZGluZzsgaWYgKCEkZm91bmRBYnNvbHV0ZVBhdGhzKSB7IFdyaXRlLUhvc3QgJ1NraXBwaW5nLCBubyBpdGVtcyBhdmFpbGFibGUuJzsgZXhpdCAwOyB9OyBXcml0ZS1Ib3N0IFwiXlwiXCJJbml0aWF0aW5nIHByb2Nlc3Npbmcgb2YgJCgkZm91bmRBYnNvbHV0ZVBhdGhzLkNvdW50KSBpdGVtcyBmcm9tIGBcIl5cIlwiJGV4cGFuZGVkUGF0aGBcIl5cIlwiLlwiXlwiXCI7IGZvcmVhY2ggKCRwYXRoIGluICRmb3VuZEFic29sdXRlUGF0aHMpIHsgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7IFdyaXRlLUhvc3QgXCJeXCJcIlNraXBwaW5nIGZvbGRlciAobm90IGl0cyBjb250ZW50cyk6IGBcIl5cIlwiJHBhdGhgXCJeXCJcIi5cIl5cIlwiOyAkc2tpcHBlZENvdW50Kys7IGNvbnRpbnVlOyB9OyBpZigkcmV2ZXJ0IC1lcSAkdHJ1ZSkgeyBpZiAoLW5vdCAkcGF0aC5FbmRzV2l0aCgnLk9MRCcpKSB7IFdyaXRlLUhvc3QgXCJeXCJcIlNraXBwaW5nIG5vbi1iYWNrdXAgZmlsZTogYFwiXlwiXCIkcGF0aGBcIl5cIlwiLlwiXlwiXCI7ICRza2lwcGVkQ291bnQrKzsgY29udGludWU7IH07IH0gZWxzZSB7IGlmICgkcGF0aC5FbmRzV2l0aCgnLk9MRCcpKSB7IFdyaXRlLUhvc3QgXCJeXCJcIlNraXBwaW5nIGJhY2t1cCBmaWxlOiBgXCJeXCJcIiRwYXRoYFwiXlwiXCIuXCJeXCJcIjsgJHNraXBwZWRDb3VudCsrOyBjb250aW51ZTsgfTsgfTsgJG9yaWdpbmFsRmlsZVBhdGggPSAkcGF0aDsgV3JpdGUtSG9zdCBcIl5cIlwiUHJvY2Vzc2luZyBmaWxlOiBgXCJeXCJcIiRvcmlnaW5hbEZpbGVQYXRoYFwiXlwiXCIuXCJeXCJcIjsgaWYgKC1Ob3QgKFRlc3QtUGF0aCAkb3JpZ2luYWxGaWxlUGF0aCkpIHsgV3JpdGUtSG9zdCBcIl5cIlwiU2tpcHBpbmcsIGZpbGUgYFwiXlwiXCIkb3JpZ2luYWxGaWxlUGF0aGBcIl5cIlwiIG5vdCBmb3VuZC5cIl5cIlwiOyAkc2tpcHBlZENvdW50Kys7IGV4aXQgMDsgfTsgJG9yaWdpbmFsQWNsID0gR2V0LUFjbCAtUGF0aCBcIl5cIlwiJG9yaWdpbmFsRmlsZVBhdGhcIl5cIlwiOyAkYWNjZXNzR3JhbnRlZCA9ICRmYWxzZTsgdHJ5IHsgJGFjbCA9IEdldC1BY2wgLVBhdGggXCJeXCJcIiRvcmlnaW5hbEZpbGVQYXRoXCJeXCJcIjsgJGFjbC5TZXRPd25lcigkYWRtaW5BY2NvdW50KSA8IyBUYWtlIE93bmVyc2hpcCAoYmVjYXVzZSBmaWxlIGlzIG93bmVkIGJ5IFRydXN0ZWRJbnN0YWxsZXIpICM+OyAkYWNsLkFkZEFjY2Vzc1J1bGUoJGFkbWluRnVsbENvbnRyb2xBY2Nlc3NSdWxlKSA8IyBHcmFudCByaWdodHMgdG8gYmUgYWJsZSB0byBtb3ZlIHRoZSBmaWxlICM+OyBTZXQtQWNsIC1QYXRoICRvcmlnaW5hbEZpbGVQYXRoIC1BY2xPYmplY3QgJGFjbCAtRXJyb3JBY3Rpb24gU3RvcDsgJGFjY2Vzc0dyYW50ZWQgPSAkdHJ1ZTsgfSBjYXRjaCB7IFdyaXRlLVdhcm5pbmcgXCJeXCJcIkZhaWxlZCB0byBncmFudCBhY2Nlc3MgdG8gYFwiXlwiXCIkb3JpZ2luYWxGaWxlUGF0aGBcIl5cIlwiOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKVwiXlwiXCI7IH07IGlmICgkcmV2ZXJ0IC1lcSAkdHJ1ZSkgeyAkbmV3RmlsZVBhdGggPSAkb3JpZ2luYWxGaWxlUGF0aC5TdWJzdHJpbmcoMCwgJG9yaWdpbmFsRmlsZVBhdGguTGVuZ3RoIC0gNCk7IH0gZWxzZSB7ICRuZXdGaWxlUGF0aCA9IFwiXlwiXCIkKCRvcmlnaW5hbEZpbGVQYXRoKS5PTERcIl5cIlwiOyB9OyB0cnkgeyBNb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoIFwiXlwiXCIkKCRvcmlnaW5hbEZpbGVQYXRoKVwiXlwiXCIgLURlc3RpbmF0aW9uIFwiXlwiXCIkbmV3RmlsZVBhdGhcIl5cIlwiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU3RvcDsgV3JpdGUtSG9zdCBcIl5cIlwiU3VjY2Vzc2Z1bGx5IHByb2Nlc3NlZCBgXCJeXCJcIiRvcmlnaW5hbEZpbGVQYXRoYFwiXlwiXCIuXCJeXCJcIjsgJHJlbmFtZWRDb3VudCsrOyBpZiAoJGFjY2Vzc0dyYW50ZWQpIHsgdHJ5IHsgU2V0LUFjbCAtUGF0aCAkbmV3RmlsZVBhdGggLUFjbE9iamVjdCAkb3JpZ2luYWxBY2wgLUVycm9yQWN0aW9uIFN0b3A7IH0gY2F0Y2ggeyBXcml0ZS1XYXJuaW5nIFwiXlwiXCJGYWlsZWQgdG8gcmVzdG9yZSBhY2Nlc3Mgb24gYFwiXlwiXCIkbmV3RmlsZVBhdGhgXCJeXCJcIjogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSlcIl5cIlwiOyB9OyB9OyB9IGNhdGNoIHsgV3JpdGUtRXJyb3IgXCJeXCJcIkZhaWxlZCB0byByZW5hbWUgYFwiXlwiXCIkb3JpZ2luYWxGaWxlUGF0aGBcIl5cIlwiIHRvIGBcIl5cIlwiJG5ld0ZpbGVQYXRoYFwiXlwiXCI6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpXCJeXCJcIjsgJGZhaWxlZENvdW50Kys7IGlmICgkYWNjZXNzR3JhbnRlZCkgeyB0cnkgeyBTZXQtQWNsIC1QYXRoICRvcmlnaW5hbEZpbGVQYXRoIC1BY2xPYmplY3QgJG9yaWdpbmFsQWNsIC1FcnJvckFjdGlvbiBTdG9wOyB9IGNhdGNoIHsgV3JpdGUtV2FybmluZyBcIl5cIlwiRmFpbGVkIHRvIHJlc3RvcmUgYWNjZXNzIG9uIGBcIl5cIlwiJG9yaWdpbmFsRmlsZVBhdGhgXCJeXCJcIjogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSlcIl5cIlwiOyB9OyB9OyB9OyB9OyBpZiAoKCRyZW5hbWVkQ291bnQgLWd0IDApIC1vciAoJHNraXBwZWRDb3VudCAtZ3QgMCkpIHsgV3JpdGUtSG9zdCBcIl5cIlwiU3VjY2Vzc2Z1bGx5IHByb2Nlc3NlZCAkcmVuYW1lZENvdW50IGl0ZW1zIGFuZCBza2lwcGVkICRza2lwcGVkQ291bnQgaXRlbXMuXCJeXCJcIjsgfTsgaWYgKCRmYWlsZWRDb3VudCAtZ3QgMCkgeyBXcml0ZS1XYXJuaW5nIFwiXlwiXCJGYWlsZWQgdG8gcHJvY2VzcyAkKCRmYWlsZWRDb3VudCkgaXRlbXMuXCJeXCJcIjsgfTsgW1ByaXZpbGVnZXNdOjpSZW1vdmVQcml2aWxlZ2UoJ1NlUmVzdG9yZVByaXZpbGVnZScpIHwgT3V0LU51bGw7IFtQcml2aWxlZ2VzXTo6UmVtb3ZlUHJpdmlsZWdlKCdTZVRha2VPd25lcnNoaXBQcml2aWxlZ2UnKSB8IE91dC1OdWxsXCJcbjo6IFJlc3RvcmUgdGhlIHJlZ2lzdHJ5IHZhbHVlIFwiQmFja3VwUGF0aFwiIGluIGtleSBcIkhLTE1cXFNZU1RFTVxcQ3VycmVudENvbnRyb2xTZXRcXENvbnRyb2xcXEVhcmx5TGF1bmNoXCIgdG8gaXRzIG9yaWdpbmFsIHZhbHVlIFxuUG93ZXJTaGVsbCAtRXhlY3V0aW9uUG9saWN5IFVucmVzdHJpY3RlZCAtQ29tbWFuZCBcIiRkYXRhID0gICclU1lTVEVNUk9PVCVcXEVMQU1CS1VQJzsgJHJhd1R5cGUgPSAnUkVHX1NaJzsgJHJhd1BhdGggPSAnSEtMTVxcU1lTVEVNXFxDdXJyZW50Q29udHJvbFNldFxcQ29udHJvbFxcRWFybHlMYXVuY2gnOyAkdmFsdWUgPSAnQmFja3VwUGF0aCc7ICRoaXZlID0gJHJhd1BhdGguU3BsaXQoJ1xcJylbMF07ICRwYXRoID0gXCJeXCJcIiQoJGhpdmUpOiQoJHJhd1BhdGguU3Vic3RyaW5nKCRoaXZlLkxlbmd0aCkpXCJeXCJcIjsgV3JpdGUtSG9zdCBcIl5cIlwiUmVzdG9yaW5nIHZhbHVlICckdmFsdWUnIGF0ICckcGF0aCcgd2l0aCB0eXBlICckcmF3VHlwZScgYW5kIHZhbHVlICckZGF0YScuXCJeXCJcIjsgaWYgKC1Ob3QgJHJhd1R5cGUpIHsgdGhyb3cgXCJeXCJcIkludGVybmFsIHByaXZhY3kkKFtjaGFyXTB4MDAyRSlzZXh5IGVycm9yOiBEYXRhIHR5cGUgaXMgbm90IHByb3ZpZGVkIGZvciBkYXRhICckZGF0YScuXCJeXCJcIjsgfTsgaWYgKC1Ob3QgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpKSB7IHRyeSB7IE5ldy1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU3RvcCB8IE91dC1OdWxsOyBXcml0ZS1Ib3N0ICdTdWNjZXNzZnVsbHkgY3JlYXRlZCByZWdpc3RyeSBrZXkuJzsgfSBjYXRjaCB7IHRocm93IFwiXlwiXCJGYWlsZWQgdG8gY3JlYXRlIHJlZ2lzdHJ5IGtleTogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSlcIl5cIlwiOyB9OyB9OyAkY3VycmVudERhdGEgPSBHZXQtSXRlbVByb3BlcnR5IC1MaXRlcmFsUGF0aCAkcGF0aCAtTmFtZSAkdmFsdWUgLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUgfCBTZWxlY3QtT2JqZWN0IC1FeHBhbmRQcm9wZXJ0eSAkdmFsdWU7IGlmICgkY3VycmVudERhdGEgLWVxICRkYXRhKSB7IFdyaXRlLUhvc3QgJ1NraXBwaW5nLCBubyBjaGFuZ2VzIHJlcXVpcmVkLCB0aGUgcmVnaXN0cnkgZGF0YSBpcyBhbHJlYWR5IGFzIGV4cGVjdGVkLic7IEV4aXQgMDsgfTsgdHJ5IHsgJHR5cGUgPSBzd2l0Y2ggKCRyYXdUeXBlKSB7ICdSRUdfU1onIHsgJ1N0cmluZycgfTsgJ1JFR19EV09SRCcgeyAnRFdvcmQnIH07ICdSRUdfUVdPUkQnIHsgJ1FXb3JkJyB9OyAnUkVHX0VYUEFORF9TWicgeyAnRXhwYW5kU3RyaW5nJyB9OyBkZWZhdWx0IHsgdGhyb3cgXCJeXCJcIkludGVybmFsIHByaXZhY3kkKFtjaGFyXTB4MDAyRSlzZXh5IGVycm9yOiBGYWlsZWQgdG8gZmluZCBkYXRhIHR5cGUgZm9yOiAnJHJhd1R5cGUnLlwiXlwiXCI7IH07IH07IFNldC1JdGVtUHJvcGVydHkgLUxpdGVyYWxQYXRoICRwYXRoIC1OYW1lICR2YWx1ZSAtVmFsdWUgJGRhdGEgLVR5cGUgJHR5cGUgLUZvcmNlIC1FcnJvckFjdGlvbiBTdG9wOyBXcml0ZS1Ib3N0ICdTdWNjZXNzZnVsbHkgcmVzdG9yZWQgdGhlIHJlZ2lzdHJ5IHZhbHVlLic7IH0gY2F0Y2ggeyB0aHJvdyBcIl5cIlwiRmFpbGVkIHRvIHJlc3RvcmUgdGhlIHZhbHVlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKVwiXlwiXCI7IH1cIlxuOjogUmVzdG9yZSBmaWxlcyBtYXRjaGluZyBwYXR0ZXJuOiBcIiVTWVNURU1ST09UJVxcU3lzdGVtMzJcXENvbmZpZ1xcZWxhbVwiICBcblBvd2VyU2hlbGwgLUV4ZWN1dGlvblBvbGljeSBVbnJlc3RyaWN0ZWQgLUNvbW1hbmQgXCIkcmV2ZXJ0ID0gJHRydWU7ICRwYXRoR2xvYlBhdHRlcm4gPSBcIl5cIlwiJVNZU1RFTVJPT1QlXFxTeXN0ZW0zMlxcQ29uZmlnXFxlbGFtLk9MRFwiXlwiXCI7ICRleHBhbmRlZFBhdGggPSBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHBhdGhHbG9iUGF0dGVybik7IFdyaXRlLUhvc3QgXCJeXCJcIlNlYXJjaGluZyBmb3IgaXRlbXMgbWF0Y2hpbmcgcGF0dGVybjogYFwiXlwiXCIkKCRleHBhbmRlZFBhdGgpYFwiXlwiXCIuXCJeXCJcIjsgJHJlbmFtZWRDb3VudCAgID0gMDsgJHNraXBwZWRDb3VudCAgID0gMDsgJGZhaWxlZENvdW50ICAgID0gMDsgJGZvdW5kQWJzb2x1dGVQYXRocyA9IEAoKTsgdHJ5IHsgJGZvdW5kQWJzb2x1dGVQYXRocyArPSBAKDsgR2V0LUl0ZW0gLVBhdGggJGV4cGFuZGVkUGF0aCAtRXJyb3JBY3Rpb24gU3RvcCB8IFNlbGVjdC1PYmplY3QgLUV4cGFuZFByb3BlcnR5IEZ1bGxOYW1lOyApOyB9IGNhdGNoIFtTeXN0ZW0uTWFuYWdlbWVudC5BdXRvbWF0aW9uLkl0ZW1Ob3RGb3VuZEV4Y2VwdGlvbl0geyA8IyBTd2FsbG93LCBkbyBub3QgcnVuIGBUZXN0LVBhdGhgIGJlZm9yZSwgaXQncyB1bnJlbGlhYmxlIGZvciBnbG9icyByZXF1aXJpbmcgZXh0cmEgcGVybWlzc2lvbnMgIz47IH07ICRmb3VuZEFic29sdXRlUGF0aHMgPSAkZm91bmRBYnNvbHV0ZVBhdGhzIHwgU2VsZWN0LU9iamVjdCAtVW5pcXVlIHwgU29ydC1PYmplY3QgLVByb3BlcnR5IHsgJF8uTGVuZ3RoIH0gLURlc2NlbmRpbmc7IGlmICghJGZvdW5kQWJzb2x1dGVQYXRocykgeyBXcml0ZS1Ib3N0ICdTa2lwcGluZywgbm8gaXRlbXMgYXZhaWxhYmxlLic7IGV4aXQgMDsgfTsgV3JpdGUtSG9zdCBcIl5cIlwiSW5pdGlhdGluZyBwcm9jZXNzaW5nIG9mICQoJGZvdW5kQWJzb2x1dGVQYXRocy5Db3VudCkgaXRlbXMgZnJvbSBgXCJeXCJcIiRleHBhbmRlZFBhdGhgXCJeXCJcIi5cIl5cIlwiOyBmb3JlYWNoICgkcGF0aCBpbiAkZm91bmRBYnNvbHV0ZVBhdGhzKSB7IGlmIChUZXN0LVBhdGggLVBhdGggJHBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikgeyBXcml0ZS1Ib3N0IFwiXlwiXCJTa2lwcGluZyBmb2xkZXIgKG5vdCBpdHMgY29udGVudHMpOiBgXCJeXCJcIiRwYXRoYFwiXlwiXCIuXCJeXCJcIjsgJHNraXBwZWRDb3VudCsrOyBjb250aW51ZTsgfTsgaWYoJHJldmVydCAtZXEgJHRydWUpIHsgaWYgKC1ub3QgJHBhdGguRW5kc1dpdGgoJy5PTEQnKSkgeyBXcml0ZS1Ib3N0IFwiXlwiXCJTa2lwcGluZyBub24tYmFja3VwIGZpbGU6IGBcIl5cIlwiJHBhdGhgXCJeXCJcIi5cIl5cIlwiOyAkc2tpcHBlZENvdW50Kys7IGNvbnRpbnVlOyB9OyB9IGVsc2UgeyBpZiAoJHBhdGguRW5kc1dpdGgoJy5PTEQnKSkgeyBXcml0ZS1Ib3N0IFwiXlwiXCJTa2lwcGluZyBiYWNrdXAgZmlsZTogYFwiXlwiXCIkcGF0aGBcIl5cIlwiLlwiXlwiXCI7ICRza2lwcGVkQ291bnQrKzsgY29udGludWU7IH07IH07ICRvcmlnaW5hbEZpbGVQYXRoID0gJHBhdGg7IFdyaXRlLUhvc3QgXCJeXCJcIlByb2Nlc3NpbmcgZmlsZTogYFwiXlwiXCIkb3JpZ2luYWxGaWxlUGF0aGBcIl5cIlwiLlwiXlwiXCI7IGlmICgtTm90IChUZXN0LVBhdGggJG9yaWdpbmFsRmlsZVBhdGgpKSB7IFdyaXRlLUhvc3QgXCJeXCJcIlNraXBwaW5nLCBmaWxlIGBcIl5cIlwiJG9yaWdpbmFsRmlsZVBhdGhgXCJeXCJcIiBub3QgZm91bmQuXCJeXCJcIjsgJHNraXBwZWRDb3VudCsrOyBleGl0IDA7IH07IGlmICgkcmV2ZXJ0IC1lcSAkdHJ1ZSkgeyAkbmV3RmlsZVBhdGggPSAkb3JpZ2luYWxGaWxlUGF0aC5TdWJzdHJpbmcoMCwgJG9yaWdpbmFsRmlsZVBhdGguTGVuZ3RoIC0gNCk7IH0gZWxzZSB7ICRuZXdGaWxlUGF0aCA9IFwiXlwiXCIkKCRvcmlnaW5hbEZpbGVQYXRoKS5PTERcIl5cIlwiOyB9OyB0cnkgeyBNb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoIFwiXlwiXCIkKCRvcmlnaW5hbEZpbGVQYXRoKVwiXlwiXCIgLURlc3RpbmF0aW9uIFwiXlwiXCIkbmV3RmlsZVBhdGhcIl5cIlwiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU3RvcDsgV3JpdGUtSG9zdCBcIl5cIlwiU3VjY2Vzc2Z1bGx5IHByb2Nlc3NlZCBgXCJeXCJcIiRvcmlnaW5hbEZpbGVQYXRoYFwiXlwiXCIuXCJeXCJcIjsgJHJlbmFtZWRDb3VudCsrOyB9IGNhdGNoIHsgV3JpdGUtRXJyb3IgXCJeXCJcIkZhaWxlZCB0byByZW5hbWUgYFwiXlwiXCIkb3JpZ2luYWxGaWxlUGF0aGBcIl5cIlwiIHRvIGBcIl5cIlwiJG5ld0ZpbGVQYXRoYFwiXlwiXCI6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpXCJeXCJcIjsgJGZhaWxlZENvdW50Kys7IH07IH07IGlmICgoJHJlbmFtZWRDb3VudCAtZ3QgMCkgLW9yICgkc2tpcHBlZENvdW50IC1ndCAwKSkgeyBXcml0ZS1Ib3N0IFwiXlwiXCJTdWNjZXNzZnVsbHkgcHJvY2Vzc2VkICRyZW5hbWVkQ291bnQgaXRlbXMgYW5kIHNraXBwZWQgJHNraXBwZWRDb3VudCBpdGVtcy5cIl5cIlwiOyB9OyBpZiAoJGZhaWxlZENvdW50IC1ndCAwKSB7IFdyaXRlLVdhcm5pbmcgXCJeXCJcIkZhaWxlZCB0byBwcm9jZXNzICQoJGZhaWxlZENvdW50KSBpdGVtcy5cIl5cIlwiOyB9XCIi

Help

How to apply or restore "Disable Defender Antivirus boot driver" using commands

≈ 2 min to complete
Tools: Command Prompt
Difficulty: Medium
≈ 3 instructions

View step-by-step guide with screenshots

1
Open Command Prompt
Open Command Prompt as Administrator.
2
Copy code
Copy the code:
Copy Apply Code Copy Revert Code
3
Paste & run
Paste the commands into Command Prompt and press Enter to run.
Some changes require a system restart to take effect

Similar Guides

Wider Goal

Guides below includes this guide to achieve a wider goal.

Disable system modification restrictions
Disable Defender
Privacy over security

This category disables features that restrict system modifications in Windows. This enables deeper system modifications, enhancing privacy by allowing th...

— Disable system modification restrictions

Same Goal

Other guides in Disable system modification restrictions

Disable Defender System Guard

Disable Defender Antivirus minifilter driver

Disable security event monitoring

Disable Secure Boot driver

Disable Tamper Protection

Disable virtualization-based security (VBS)

About the Creators

These people have authored this documentation and written its scripts:

undergroundwires
- Certified security professional
- 7+ years experience securing banks
- Open-source developer since 2005
- EU advisor, Public Speaker, Moderator
Open-Source Contributors
- Hundreds across the globe
- Testers, reviewers, developers
- Companies, military agencies
- Community since 2017

About Us

Reviewed By

This guide has undergone comprehensive auditing and peer review:

Expert review by undergroundwires
- Verified technical accuracy and editorial standards
- Assessed system impact and user privacy risks
- Audited and verified using automated security tests
Public review by large community
- Privacy enthusiasts and professionals peer-reviewed
- Millions of end-users tested across different environments
- Audited and verified using third-party security software

History

We continually monitor our guides, their impact and other potential privacy options. We update our guides when new information becomes available. On every update, we publicly store who made the change, what has been changed, why the change was made and when the change was made.

Review Change History Our Change Process

Overview​

Technical Details​

Overview of default service statuses​

Increased Privacy

Decreased Security

Apply Now​

Download script​

How to apply or restore "Disable Defender Antivirus boot driver" using script​

Download

Keep the file

Open

Exit

Restart

Apply with privacy.sexy​

How to apply or restore "Disable Defender Antivirus boot driver" using privacy.sexy​

Open or download

Choose script

Run

Run commands​

How to apply or restore "Disable Defender Antivirus boot driver" using commands​

Open Command Prompt

Copy code

Paste & run

Similar Guides​

Wider Goal​

Same Goal​

About the Creators​

Reviewed By​

Expert review by undergroundwires​

Public review by large community​

History​

Overview

Technical Details

Overview of default service statuses

Apply Now

Download script

How to apply or restore "Disable Defender Antivirus boot driver" using script

Apply with privacy.sexy

How to apply or restore "Disable Defender Antivirus boot driver" using privacy.sexy

Run commands

How to apply or restore "Disable Defender Antivirus boot driver" using commands

Similar Guides

Wider Goal

Same Goal

About the Creators

Reviewed By

Expert review by undergroundwires

Public review by large community

History