From 94882c747bc4fd200097ea62a49b1c93ef00e7d1 Mon Sep 17 00:00:00 2001
From: Mark <148797232+MarkCyber@users.noreply.github.com>
Date: Mon, 13 May 2024 11:31:37 -0400
Subject: [PATCH] Create 1.1. RansomwareSimulationCleanup

---
 1.1. RansomwareSimulationCleanup | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 1.1. RansomwareSimulationCleanup

diff --git a/1.1. RansomwareSimulationCleanup b/1.1. RansomwareSimulationCleanup
new file mode 100644
index 0000000..82b37a8
--- /dev/null
+++ b/1.1. RansomwareSimulationCleanup	
@@ -0,0 +1,23 @@
+REM This Script Is To Revert All Changes From The RansomwareSimulation Script
+
+DELAY 500
+GUI r
+DELAY 100
+STRING powershell -Command "Start-Process powershell -Verb runAs"
+ENTER
+DELAY 500
+ALT y
+DELAY 500
+
+REM Attempt to re-enable Task Manager, proceed regardless of the outcome
+STRING $regPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; $regName = 'DisableTaskMgr'; Set-ItemProperty -Path $regPath -Name $regName -Value 0
+ENTER
+DELAY 500
+
+REM Revert file renamings, continue regardless of previous success
+STRING $locations = @('MyDocuments', 'Desktop', 'Pictures', 'Music'); foreach ($loc in $locations) { $path = [Environment]::GetFolderPath($loc); Get-ChildItem -Path $path -File | Where-Object { $_.Extension -eq '.locked' } | Rename-Item -NewName {$_.Name.Replace('.locked', '')} }
+ENTER
+DELAY 1000
+
+STRING exit
+ENTER