.. /XBootMgrSleep.exe
Star

Windows Performance Toolkit binary used for tracing and analyzing system performance during sleep and resume transitions.

Paths:

C:\Program Files\Windows Kits\10\Windows Performance Toolkit\xbootmgrsleep.exe
C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\xbootmgrsleep.exe

Resources:

https://learn.microsoft.com/en-us/previous-versions/windows/desktop/xperf/reference

Acknowledgements:

Avihay Eldad (@AvihayEldad)

Execute

Execute a command with XBootMgrSleep as a parent process, with a 1 second (=1000 milliseconds) delay.
```
xbootmgrsleep.exe 1000 "{CMD}"
```
Use case
Performs execution of specified command, can be used as a defense evasion

Privileges required
User

Operating systems
Windows

ATT&CK® technique
T1202
Tags
Execute: CMD