File tree Expand file tree Collapse file tree 1 file changed +24
-0
lines changed
Expand file tree Collapse file tree 1 file changed +24
-0
lines changed Original file line number Diff line number Diff line change 1+ ---
2+ Name : XBootMgrSleep.exe
3+ Description : Windows Performance Toolkit binary used for tracing and analyzing system performance during sleep and resume transitions.
4+ Author : Avihay Eldad
5+ Created : 2024-06-13
6+ Commands :
7+ - Command : xbootmgrsleep.exe 1000 "{CMD}"
8+ Description : Execute a command with XBootMgrSleep as a parent process, with a 1 second (=1000 milliseconds) delay.
9+ Usecase : Performs execution of specified command, can be used as a defense evasion
10+ Category : Execute
11+ Privileges : User
12+ MitreID : T1202
13+ OperatingSystem : Windows
14+ Tags :
15+ - Execute : CMD
16+ Full_Path :
17+ - Path : C:\Program Files\Windows Kits\10\Windows Performance Toolkit\xbootmgrsleep.exe
18+ - Path : C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\xbootmgrsleep.exe
19+ Resources :
20+ - Link : https://learn.microsoft.com/en-us/previous-versions/windows/desktop/xperf/reference
21+ Acknowledgement :
22+ - Person : Avihay Eldad
23+ Handle : ' @AvihayEldad'
24+ ---
You can’t perform that action at this time.
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments