georgeneokq / artifact-exterminator

Simple, flexible command-line tool for conducting anti-forensics (for research purposes only)

Feat: Erase ShimCache entries in ControlSet001 #29

Closed georgeneokq closed 1 year ago

georgeneokq commented 1 year ago

There is a backup of the ShimCache located at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache