mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2025-09-08 01:06:10 +02:00
34 lines
1.3 KiB
YAML
34 lines
1.3 KiB
YAML
---
|
|
Name: XBootMgr.exe
|
|
Description: Windows Performance Toolkit binary used to start performance traces.
|
|
Author: Avihay Eldad
|
|
Created: 2025-07-10
|
|
Commands:
|
|
- Command: xbootmgr.exe -trace "{boot|hibernate|standby|shutdown|rebootCycle}" -callBack {PATH:.exe}
|
|
Description: Executes an executable after the trace is complete using the callBack parameter.
|
|
Usecase: Executes code as part of post-trace automation flow.
|
|
Category: Execute
|
|
Privileges: Administrator
|
|
MitreID: T1202
|
|
OperatingSystem: Windows
|
|
Tags:
|
|
- Execute: EXE
|
|
- Command: xbootmgr.exe -trace "{boot|hibernate|standby|shutdown|rebootCycle}" -preTraceCmd {PATH:.exe}
|
|
Description: Executes an executable before each trace run using the preTraceCmd parameter.
|
|
Usecase: Executes code as part of pre-trace automation or staging.
|
|
Category: Execute
|
|
Privileges: Administrator
|
|
MitreID: T1202
|
|
OperatingSystem: Windows
|
|
Tags:
|
|
- Execute: EXE
|
|
Full_Path:
|
|
- Path: C:\Program Files\Windows Kits\10\Windows Performance Toolkit\xbootmgr.exe
|
|
- Path: C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\xbootmgr.exe
|
|
Resources:
|
|
- Link: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/xperf/reference
|
|
Acknowledgement:
|
|
- Person: Avihay Eldad
|
|
Handle: '@AvihayEldad'
|
|
- Person: Tommy Warren
|