From 02da2c173a05eac174bb17066e7eba7b7844267c Mon Sep 17 00:00:00 2001 From: mether049 Date: Sun, 12 Jul 2020 23:18:38 +0900 Subject: [PATCH] Update malware-tech_ref_and_memo.md --- malware-tech_ref_and_memo.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/malware-tech_ref_and_memo.md b/malware-tech_ref_and_memo.md index a9612cc..49ba33c 100644 --- a/malware-tech_ref_and_memo.md +++ b/malware-tech_ref_and_memo.md @@ -464,12 +464,22 @@ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp dig whoami.akamai.net @ns1-1.akamaitech.net ``` -# Delete Data +# Deleting, Disabling, Exiting, Killing, Terminating ## Delete Volume Shadow - ランサムウェアはバックアップからの復元を防ぐためにvolume shadowを削除することが多い ``` vssadmin Delete Shadows /All /Quiet ``` +## Delete Service +``` +sc delete +``` +## Kill Task +``` +taskkill -f -im +``` +## Terminate Process +- TerminateProcess APIの使用 # maldoc ## Obfuscation/Encryption
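Review bot: The commands added under `## Delete Service` and `## Kill Task` are missing their operand: `sc delete` takes a service name and `taskkill -f -im` takes an image name, so neither line is a complete reference as written. Suggest a labelled placeholder in each, e.g. `sc delete <service_name>` and `taskkill -f -im <image_name>`. The new sections also lack the one-line context bullet that `## Delete Volume Shadow` carries, and `## Terminate Process` is a single bullet naming the TerminateProcess API with nothing further; a short bullet per section on why malware does this would keep them consistent. The top-level heading now lists "Disabling" and "Exiting", but no subsection in this hunk covers either, and renaming `# Delete Data` changes the heading anchor, so any existing links to it should be checked.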