~/Privilege Escalation/Windows/Binaries# cat Mftrace.exe.md

Trace log generation tool for Media Foundation Tools.

Paths:

C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86
C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x64
C:\Program Files (x86)\Windows Kits\10\bin\x86
C:\Program Files (x86)\Windows Kits\10\bin\x64

Detection:

Execute

Launch cmd.exe as a subprocess of Mftrace.exe.

Mftrace.exe cmd.exe

Launch powershell.exe as a subprocess of Mftrace.exe.

Mftrace.exe powershell.exe
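
One way to detect the parent/child relationship both commands above produce, as an added example that is not part of the original entry. It triages process-creation records whose parent is Mftrace.exe. Assumptions: field names follow Sysmon Event ID 1, the sample events (including the DemoPlayer path) are constructed, and the SDK prefix is the common parent of the four paths listed on this page.

```python
import ntpath

# Common parent of the four install paths listed on this page, lower-cased (assumption).
SDK_BIN_PREFIX = "c:\\program files (x86)\\windows kits\\10\\bin\\"
# Child images treated as shells; these are the two children shown on this page.
SHELLS = {"cmd.exe", "powershell.exe"}

# Constructed sample records; field names follow Sysmon Event ID 1.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files (x86)\Windows Kits\10\bin\x64\Mftrace.exe",
     "ParentCommandLine": "Mftrace.exe cmd.exe"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Users\Public\Mftrace.exe",
     "ParentCommandLine": "Mftrace.exe powershell.exe"},
    {"Image": r"C:\Program Files\DemoPlayer\player.exe",  # hypothetical traced app
     "ParentImage": r"C:\Program Files (x86)\Windows Kits\10\bin\x86\Mftrace.exe",
     "ParentCommandLine": "Mftrace.exe player.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": "explorer.exe"},
]


def triage(event):
    """Return a finding for a process whose parent is Mftrace.exe, else None."""
    parent = event.get("ParentImage", "")
    if ntpath.basename(parent).lower() != "mftrace.exe":
        return None
    child = ntpath.basename(event.get("Image", "")).lower()
    reasons = []
    if child in SHELLS:
        reasons.append("shell spawned by Mftrace.exe")
    if not parent.lower().startswith(SDK_BIN_PREFIX):
        reasons.append("Mftrace.exe outside Windows Kits bin directory")
    return {"child": child,
            "parent": parent,
            "severity": "high" if reasons else "info",
            "reasons": reasons}


def scan(events):
    """Triage every event and keep only those with Mftrace.exe as parent."""
    return [f for f in map(triage, events) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding["severity"], finding["child"], "; ".join(finding["reasons"]))
```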