From 5ef66e4d9c2487e77ece9d1a67dea9e72e7ed5df Mon Sep 17 00:00:00 2001 From: Avihay Eldad <46644022+avihayeldad@users.noreply.github.com> Date: Sun, 21 Sep 2025 10:53:01 +0300 Subject: [PATCH 1/2] Create Pixtool.yml --- yml/OtherMSBinaries/Pixtool.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 yml/OtherMSBinaries/Pixtool.yml diff --git a/yml/OtherMSBinaries/Pixtool.yml b/yml/OtherMSBinaries/Pixtool.yml new file mode 100644 index 00000000..7ede8379 --- /dev/null +++ b/yml/OtherMSBinaries/Pixtool.yml @@ -0,0 +1,23 @@ +--- +Name: Pixtool.exe +Description: Command line utility for taking and analyzing PIX GPU captures. +Author: Avihay Eldad +Created: 2025-09-21 +Commands: + - Command: pixtool.exe launch + Description: Launches an executable via PIX command line utility. + Usecase: Executes an executable under a trusted microsoft signed binary. + Category: Execute + Privileges: User + MitreID: T1127 + OperatingSystem: Windows + Tags: + - Execute: EXE +Full_Path: + - Path: C:\Program Files\Microsoft PIX\pixtool.exe + - Path: C:\Program Files (x86)\Microsoft PIX\pixtool.exe +Resources: + - Link: https://devblogs.microsoft.com/pix/pixtool/ +Acknowledgement: + - Person: Avihay Eldad + Handle: '@AvihayEldad' From 22dc3cfed827bbbf7b3379e8205ceace523a93c2 Mon Sep 17 00:00:00 2001 From: Wietze Date: Mon, 29 Sep 2025 21:46:14 +0100 Subject: [PATCH 2/2] Update Pixtool.yml --- yml/OtherMSBinaries/Pixtool.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yml/OtherMSBinaries/Pixtool.yml b/yml/OtherMSBinaries/Pixtool.yml index 7ede8379..5860c66f 100644 --- a/yml/OtherMSBinaries/Pixtool.yml +++ b/yml/OtherMSBinaries/Pixtool.yml 
@@ -4,9 +4,9 @@ Description: Command line utility for taking and analyzing PIX GPU captures. Author: Avihay Eldad Created: 2025-09-21 Commands: - - Command: pixtool.exe launch - Description: Launches an executable via PIX command line utility. - Usecase: Executes an executable under a trusted microsoft signed binary. + - Command: pixtool.exe launch {PATH_ABSOLUTE:.exe} + Description: Launches an executable via PIX command-line utility. + Usecase: Executes an executable under a trusted, Microsoft signed binary. Category: Execute Privileges: User MitreID: T1127
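Review bot: In PATCH 1/2, the new Pixtool.yml goes from the Full_Path list straight to Resources with no Detection section, so the entry documents the execution technique but gives defenders nothing to hunt on. Consider adding a Detection block with at least an IOC item, for example that pixtool.exe invoked with the launch argument starts a process unrelated to GPU capture work. The Command line `pixtool.exe launch` also carries no argument for the target executable, which leaves it unclear what is launched; a placeholder for the executable path would make that explicit.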
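Review bot: In PATCH 2/2, the rewritten Usecase line reads `trusted, Microsoft signed binary`; the compound modifier should be hyphenated as `Microsoft-signed`, in line with the `command-line` fix made to the Description line in the same hunk. The new `{PATH_ABSOLUTE:.exe}` placeholder also tells readers that an absolute path is expected; if that is a requirement of `pixtool.exe launch` rather than a convention of the entry, a short mention in the Description would make it clear.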