Cmd Launched with Hidden Start Flags to Suspicious Targets (5a6b7c8d-9e0f-1a2b-3c4d-5e6f7a8b9c0d)
Detects cmd.exe executing commands with the "start" utility using "/b" (no window) or "/min" (minimized) flags. To reduce false positives from standard background tasks, detection is restricted to scenarios where the target is a known script extension or located in suspicious temporary/public directories. This technique was observed in Chaos, DarkSide, and Emotet malware campaigns.