public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-01-13 15:29:05 +01:00
Code Issues Projects Releases Wiki Activity

Add xbootmgrsleep.yml

Browse Source
This commit is contained in:
Avihay Eldad 2024-06-13 10:58:16 +03:00 committed by GitHub
parent 2cc0ee99e6
commit 49b9544a79
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
yml/OtherMSBinaries/XBootMgrSleep.yml Normal file
View File

@ -0,0 +1,22 @@
---
Name: XBootMgrSleep.exe
Description: Windows Performance Toolkit binary used for tracing and analyzing system performance during sleep and resume transitions.
Author: Avihay Eldad
Created: 2024-06-13
Commands:
- Command: xbootmgrsleep.exe <delay> calc
Description: Execute an executable file with XBootMgrSleep as a parent process.
Usecase: Performs execution of specified file, can be used as a defense evasion
Category: Execute
Privileges: User
MitreID: T1202
OperatingSystem: Windows
Full_Path:
- Path: C:\Program Files\Windows Kits\10\Windows Performance Toolkit\xbootmgrsleep.exe
- Path: C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\xbootmgrsleep.exe
Resources:
- Link: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/xperf/reference
Acknowledgement:
- Person: Avihay Eldad
Handle: '@AvihayEldad'