Create 1.1. RansomwareSimulationCleanup
This commit is contained in:
Mark
@@ -0,0 +1,23 @@
|
||||
REM This Script Is To Revert All Changes From The RansomwareSimulation Script
|
||||
|
||||
DELAY 500
|
||||
GUI r
|
||||
DELAY 100
|
||||
STRING powershell -Command "Start-Process powershell -Verb runAs"
|
||||
ENTER
|
||||
DELAY 500
|
||||
ALT y
|
||||
DELAY 500
|
||||
|
||||
REM Attempt to re-enable Task Manager, proceed regardless of the outcome
|
||||
STRING $regPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; $regName = 'DisableTaskMgr'; Set-ItemProperty -Path $regPath -Name $regName -Value 0
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
REM Revert file renamings, continue regardless of previous success
|
||||
STRING $locations = @('MyDocuments', 'Desktop', 'Pictures', 'Music'); foreach ($loc in $locations) { $path = [Environment]::GetFolderPath($loc); Get-ChildItem -Path $path -File | Where-Object { $_.Extension -eq '.locked' } | Rename-Item -NewName {$_.Name.Replace('.locked', '')} }
|
||||
ENTER
|
||||
DELAY 1000
|
||||
|
||||
STRING exit
|
||||
ENTER
|
||||
Reference in New Issue
Block a user