Update _ransom_cmd.md

albertzsigovits · Jul 5, 2024 · fc37d00 · fc37d00
1 parent 5588989
commit fc37d00
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/Ransomware/_ransom_cmd.md b/Ransomware/_ransom_cmd.md
@@ -6,6 +6,10 @@ Most common OS commands executed by ransomware
 - bcdedit /set {default} recoveryenabled no
 - bcdedit /set {current} safeboot minimal
 
+## Fsutil
+- fsutil usn deletejournal
+- fsutil file setZeroData offset=
+
 ## Netsh
 - netsh advfirewall set currentprofile state off
 - netsh firewall set opmode disable
@@ -33,4 +37,4 @@ Most common OS commands executed by ransomware
 
 ## Wmic
 - wmic shadowcopy /nointeractive
-- wmic shadowcopy delete
+- wmic shadowcopy delete