This TTP will create a notepad process and hijack one of the threads. The hijacked thread will be suspended and have its instruction pointer changed to the address of the shellcode; when the thread is resumed, `calc.exe` will be launched.
View Command
To view this TTPs command, you must be logged in with a professional or enterprise license.