From e6f93586287d6abe64e719b98c43967455e91cdf Mon Sep 17 00:00:00 2001 From: Mark <148797232+MarkCyber@users.noreply.github.com> Date: Mon, 20 May 2024 11:31:01 -0400 Subject: [PATCH] Update 1.1. RansomwareSimulationCleanup --- 1.1. RansomwareSimulationCleanup | 57 +++++++++++++++++++++++++++----- 1 file changed, 48 insertions(+), 9 deletions(-) diff --git a/1.1. RansomwareSimulationCleanup b/1.1. RansomwareSimulationCleanup index 1a73601..766fe5a 100644 --- a/1.1. RansomwareSimulationCleanup +++ b/1.1. RansomwareSimulationCleanup @@ -3,20 +3,59 @@ REM ################ This script was created by github.com REM ################ This is a follow-up script to the RansomwareSimulation ############ REM ################ This script is to revert all changes from the RansomwareSimulation script ############ REM ######################################################################################################################### - -DELAY 500 +DELAY 1000 GUI r -DELAY 100 -STRING powershell -Command "Start-Process powershell -Verb runAs" +DELAY 2000 +STRING powershell ENTER -DELAY 500 -ALT y -DELAY 500 +DELAY 6000 -REM Revert file renamings in specified locations, removing .locked from all files -STRING $locations = @('MyDocuments', 'Desktop', 'Pictures', 'Music'); foreach ($loc in $locations) { $path = [Environment]::GetFolderPath($loc); Get-ChildItem -Path $path -File | Where-Object { $_.Extension -eq '.locked' } | Rename-Item -NewName {$_.Name.Replace('.locked', '')} } +REM Define the locations using correct SpecialFolder enumerations +STRING $folders = @( +DELAY 1000 ENTER DELAY 1000 +STRING [System.Environment+SpecialFolder]::Desktop, +DELAY 1000 +ENTER +DELAY 2000 +STRING [System.Environment+SpecialFolder]::MyPictures, +DELAY 1000 +ENTER +DELAY 2000 +STRING [System.Environment+SpecialFolder]::MyMusic, +DELAY 1000 +ENTER +DELAY 2000 +STRING [System.Environment+SpecialFolder]::Downloads +DELAY 1000 +ENTER +DELAY 2000 +STRING ) +DELAY 1000 +ENTER +DELAY 3000 + +REM Iterate over each location +STRING foreach ($folder in $folders) { +DELAY 1000 +ENTER +DELAY 1000 +STRING $path = [Environment]::GetFolderPath($folder) +DELAY 1000 +ENTER +DELAY 4000 + +REM Get all .locked files in the path and rename them back +STRING Get-ChildItem -Path $path -File | Where-Object { $_.Name.EndsWith('.locked') } | ForEach-Object { Rename-Item -Path $_.FullName -NewName ($_.Name -replace '\.locked$', '') } +DELAY 2000 +ENTER +DELAY 5000 +STRING } +DELAY 1000 +ENTER +DELAY 4000 STRING exit +DELAY 1000 ENTER