diff --git a/malware-tech_ref_and_memo.md b/malware-tech_ref_and_memo.md index a9612cc..49ba33c 100644 --- a/malware-tech_ref_and_memo.md +++ b/malware-tech_ref_and_memo.md @@ -464,12 +464,22 @@ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp dig whoami.akamai.net @ns1-1.akamaitech.net ``` -# Delete Data +# Deleting, Disabling, Exiting, Killing, Terminating ## Delete Volume Shadow - ランサムウェアはバックアップからの復元を防ぐためにvolume shadowを削除することが多い ``` vssadmin Delete Shadows /All /Quiet ``` +## Delete Service +``` +sc delete +``` +## Kill Task +``` +taskkill -f -im +``` +## Terminate Process +- TerminateProcess APIの使用 # maldoc ## Obfuscation/Encryption
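Review bot: The added `sc delete` and `taskkill -f -im` lines under "Delete Service" and "Kill Task" omit the argument each command requires (a service name and an image name respectively), so the memo records incomplete commands. Add a placeholder, for example `sc delete <service name>` and `taskkill -f -im <image name>`. The three new sections also lack the one-line context that "Delete Volume Shadow" carries (why the behaviour shows up in malware), and "Terminate Process" has only a bullet naming the TerminateProcess API with nothing on what to look for in a sample. The renamed heading lists "Disabling" and "Exiting", but no entry in this hunk covers either; add those entries or trim the heading to what the section contains.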