Which Meterpreter command alters dates and timestamps associated with files in NTFS partitions?

Multiple Choice

Explanation:
Altering file timestamps on NTFS partitions involves changing the metadata that records when a file was created, last modified, and last accessed. NTFS stores these times in the file’s MFT entry, so a tool that can rewrite those timestamps can make a file appear to have been created or modified at a different moment, which helps shape an attacker’s or tester’s activity timeline and evade time-based detection.

The Meterpreter command that performs this is timestomp. It enables you to set the creation, modification, and access times for files, effectively reshaping their timestamp trail. This capability is especially useful for avoiding detection in logs and timeline analyses that rely on file history.

The other commands shown perform different tasks: one dumps password hashes from memory, another displays network configuration, and the last one adjusts routing information. None of these alter NTFS file timestamps.
