From b2e7ff45877e3abc4def2fdf8f85d20db88ce161 Mon Sep 17 00:00:00 2001 From: jiuweigui Date: Sun, 17 Nov 2013 22:26:30 +0200 Subject: [PATCH] Small change for filetime conversion --- modules/post/windows/gather/enum_prefetch.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/post/windows/gather/enum_prefetch.rb b/modules/post/windows/gather/enum_prefetch.rb index c7436fac8d..b97e80bfe6 100644 --- a/modules/post/windows/gather/enum_prefetch.rb +++ b/modules/post/windows/gather/enum_prefetch.rb @@ -82,7 +82,7 @@ class Metasploit3 < Msf::Post path_hash = prefetch_file[hash_offset..hash_offset+4].unpack('h8')[0].reverse.upcase.to_s # Last we get the latest execution time - filetime_a = prefetch_file[filetime_offset..(filetime_offset+16)].unpack('q32') + filetime_a = prefetch_file[filetime_offset..(filetime_offset+16)].unpack('q*') filetime = filetime_a[0] + filetime_a[1] last_exec = Time.at((filetime - 116444736000000000) / 10000000).utc.to_s