Tag
Adversaries may use the Windows forfiles utility to proxy command execution via a trusted parent process, potentially evading detection.