LOLBAS/Archive-Old-Version/OSBinaries/Forfiles.exe.md

833 B

Forfiles.exe

  • Functions: Execute, Read ADS

forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe
Executes calc.exe since there is a match for notepad.exe in the c:\\windows\\System32 folder.

forfiles /p c:\windows\system32 /m notepad.exe /c "c:\folder\normal.dll:evil.exe"
Executes the evil.exe Alternate Data Stream (AD) since there is a match for notepad.exe in the c:\\windows\\system32 folder.