From df9d6f886420366dd771f00b44678f0d5ff4cb7f Mon Sep 17 00:00:00 2001
From: Mark <148797232+MarkCyber@users.noreply.github.com>
Date: Tue, 21 May 2024 14:45:00 -0400
Subject: [PATCH] Create RansomwareSimCleanup.txt

---
 .../RansomwareSimCleanup.txt                  | 61 +++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 BadUSB/MarkCyber-BadUSB/RansomwareSimulation/RansomwareSimCleanup.txt

diff --git a/BadUSB/MarkCyber-BadUSB/RansomwareSimulation/RansomwareSimCleanup.txt b/BadUSB/MarkCyber-BadUSB/RansomwareSimulation/RansomwareSimCleanup.txt
new file mode 100644
index 00000000..c2d5af81
--- /dev/null
+++ b/BadUSB/MarkCyber-BadUSB/RansomwareSimulation/RansomwareSimCleanup.txt
@@ -0,0 +1,61 @@
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%                           This script was created by github.com/MarkCyber                          %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%                        This is a follow-up script to the RansomwareSimulation                      %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%       Running this renames all extensions back to their original, full path- making them usable    %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%                              This can be ran multiple times if necessary                           %%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+DELAY 1000
+GUI r
+DELAY 2000
+STRING powershell
+ENTER
+REM increased delays to make sure each command can go through even on slower computers
+DELAY 6000
+REM Define the locations using correct SpecialFolder enumerations
+STRING $folders = @(
+DELAY 1000
+ENTER
+DELAY 1000
+STRING [System.Environment+SpecialFolder]::Desktop,
+DELAY 1000
+ENTER
+DELAY 2000
+STRING [System.Environment+SpecialFolder]::MyPictures,
+DELAY 1000
+ENTER
+DELAY 2000
+STRING [System.Environment+SpecialFolder]::MyMusic,
+DELAY 1000
+ENTER
+DELAY 2000
+STRING [System.Environment+SpecialFolder]::Downloads
+DELAY 1000
+ENTER
+DELAY 2000
+STRING )
+DELAY 1000
+ENTER
+DELAY 3000
+REM Iterate over each location
+STRING foreach ($folder in $folders) {
+DELAY 1000
+ENTER
+DELAY 1000
+STRING $path = [Environment]::GetFolderPath($folder)
+DELAY 1000
+ENTER
+DELAY 4000
+REM Get all .locked files in the path and rename them back
+STRING Get-ChildItem -Path $path -File | Where-Object { $_.Name.EndsWith('.locked') } | ForEach-Object { Rename-Item -Path $_.FullName -NewName ($_.Name -replace '\.locked$', '') }
+DELAY 2000
+ENTER
+DELAY 5000
+STRING }
+DELAY 1000
+ENTER
+DELAY 4000
+STRING exit
+DELAY 1000
+ENTER