Tag
Adversaries may use vaultcmd.exe to list credentials stored in the Windows Credential Manager to gain unauthorized access to saved usernames and passwords, potentially in preparation for lateral movement.