mirror of https://github.com/nganhkhoa/malware.git
synced 2024-06-10 21:32:07 +07:00
Update malware-tech_ref_and_memo.md
parent 6acbf7ffee
commit 02da2c173a
@ -464,12 +464,22 @@ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
|
|||||||
dig whoami.akamai.net @ns1-1.akamaitech.net
|
dig whoami.akamai.net @ns1-1.akamaitech.net
|
||||||
```
|
```
|
||||||
|
|
||||||
# Delete Data
|
# Deleting, Disabling, Exiting, Killing, Terminating
|
||||||
## Delete Volume Shadow
|
## Delete Volume Shadow
|
||||||
- ランサムウェアはバックアップからの復元を防ぐためにvolume shadowを削除することが多い
|
- ランサムウェアはバックアップからの復元を防ぐためにvolume shadowを削除することが多い
|
||||||
```
|
```
|
||||||
vssadmin Delete Shadows /All /Quiet
|
vssadmin Delete Shadows /All /Quiet
|
||||||
```
|
```
|
||||||
|
## Delete Service
|
||||||
|
```
|
||||||
|
sc delete
|
||||||
|
```
|
||||||
|
## Kill Task
|
||||||
|
```
|
||||||
|
taskkill -f -im
|
||||||
|
```
|
||||||
|
## Terminate Process
|
||||||
|
- TerminateProcess APIの使用
|
||||||
|
|
||||||
# maldoc
|
# maldoc
|
||||||
## Obfuscation/Encryption
|
## Obfuscation/Encryption
|
||||||
|
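Review bot: The new `sc delete` and `taskkill -f -im` lines under "## Delete Service" and "## Kill Task" end at the command with no argument, so the memo does not show what is being deleted or killed; add a labelled placeholder, for example `sc delete <service name>` and `taskkill -f -im <image name>`. The three added sections also lack the one-line rationale that "## Delete Volume Shadow" carries (why ransomware does it), and "## Terminate Process" names the TerminateProcess API without saying when a sample is seen using it. The renamed heading "# Deleting, Disabling, Exiting, Killing, Terminating" also announces Disabling and Exiting, but this hunk adds no subsection for either; narrow the heading or add stubs for them.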