Start-Process

PowerShell execution T1059.001

Start one or more processes. Can launch executables with specific arguments, working directories, and window styles.

Binary Paths

Pattern	Wildcards	Notes
`& (gcm Sa-P*ess) -FilePath cmd.exe`	*	Wildcards in verb and noun
`& (gcm Start-Pro*) -FilePath ...`	*	Star matches 'cess'
`& (gcm S?art-Process) -FilePath ...`	?	Single char wildcard replaces 't'
`& (gcm S[s-u]art-Process) -FilePath ...`	[s-u]	Character range matches 't' in Start
`& (gcm *-Process) -FilePath ...`	*	Prefix wildcard
`saps -FilePath cmd.exe`		Built-in alias 'saps' for Start-Process
`start cmd.exe`		Alias 'start' for Start-Process
`& (gal sa?s) cmd.exe`	?	Get-Alias with wildcard resolves 'saps' — sa?s avoids matching 'spps' (Stop-Process)
`& (gcm *rocess) cmd.exe`	*	Short suffix pattern