~/Privilege Escalation/Windows/Binaries# cat Explorer.exe.md █
Binary used for managing files and system components within Windows
Paths:
C:\Windows\explorer.exe
C:\Windows\SysWOW64\explorer.exe
Detection: Multiple instances of explorer.exe or explorer.exe using the /root command line can help to detect this.
Execute
Execute calc.exe with the parent process spawning from a new instance of explorer.exe
explorer.exe /root,"C:\Windows\System32\calc.exe"
Execute calc.exe with the parent process spawning from a new instance of explorer.exe
explorer.exe C:\Windows\System32\notepad.exe