drop mft csv or file listing · detect dll files placed in application directories to shadow system dlls · identify dll search order hijacking artifacts · surface ghost dlls that loaded instead of legitimate system libraries · runs locally
mft / file listing csv
MFTECmd / file-tree export · pairs executables with co-located hijackable DLLs · flags system DLL masquerades and ghost placements
drop mft csv or file listing csv (multiple files ok)