Deleting Shadow Copies In Pure C++

Jan 13, 2023 1 min read

DeleteShadowCopies: Deleting Shadow Copies In Pure C++

After Looking at some of the leaked ransomware code, i noticed that (at least for the samples i’ve seen), that the ransomware is using wmic or vssadmin via command line to delete shadow copies, so out of curiosity i had to look for something else, and thus this repo (so im not helping ransomware authers) …

Example:
  - conti: wmic shadowcopy where "ID='{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}'" delete
  - babuk: vssadmin delete shadows /all /quiet

Demo (Creating):

Demo (Deleting):

Based On vshadow

GitHub

View Github

Scripts

John was the first writer to have joined pythonawesome.com. He has since then inculcated very effective writing and reviewing culture at pythonawesome which rivals have found impossible to imitate.

Deleting Shadow Copies In Pure C++

DeleteShadowCopies: Deleting Shadow Copies In Pure C++

Demo (Creating):

Demo (Deleting):

Based On vshadow

GitHub

John

Blazingly fast file search library built in Rust

Actions at a distance

DeleteShadowCopies: Deleting Shadow Copies In Pure C++

Demo (Creating):

Demo (Deleting):

Based On vshadow

GitHub

Blazingly fast file search library built in Rust

Actions at a distance

You might also like...