From fc37d00bb68680ec9c301a1f1c729d3b3adcbafe Mon Sep 17 00:00:00 2001
From: Albert Zsigovits <45513754+albertzsigovits@users.noreply.github.com>
Date: Fri, 5 Jul 2024 09:31:49 +0200
Subject: [PATCH] Update _ransom_cmd.md
---
 Ransomware/_ransom_cmd.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/Ransomware/_ransom_cmd.md b/Ransomware/_ransom_cmd.md
index 3e3f802..faa9a3e 100644
--- a/Ransomware/_ransom_cmd.md
+++ b/Ransomware/_ransom_cmd.md
@@ -6,6 +6,10 @@ Most common OS commands executed by ransomware
 - bcdedit /set {default} recoveryenabled no
 - bcdedit /set {current} safeboot minimal
 
+## Fsutil
+- fsutil usn deletejournal
+- fsutil file setZeroData offset=
+
 ## Netsh
 - netsh advfirewall set currentprofile state off
 - netsh firewall set opmode disable
@@ -33,4 +37,4 @@ Most common OS commands executed by ransomware
 
 ## Wmic
 - wmic shadowcopy /nointeractive
-- wmic shadowcopy delete
\ No newline at end of file
+- wmic shadowcopy delete