---
Name: PresentationHost.exe
Description: Execute
Author: ''
Created: '2018-05-25'
Categories: []
Commands:
  - Command: Presentationhost.exe C:\temp\Evil.xbap
    Description: Executes the target XAML Browser Application (XBAP) file.
Full Path:
  - 'c:\windows\system32\PresentationHost.exe     '
  - 'c:\windows\sysWOW64\PresentationHost.exe    '
Code Sample: []
Detection: []
Resources:
  - https://github.com/api0cradle/ShmooCon-2015/blob/master/ShmooCon-2015-Simple-WLEvasion.pdf
  - https://oddvar.moe/2017/12/21/applocker-case-study-how-insecure-is-it-really-part-2/
Notes: Thanks to Casey Smith - @subtee