.. / OfflineScannerShell.exe
Star

Windows Defender Offline Shell


Paths:

Acknowledgements:

Detection:

Execute

Execute mpclient.dll library in the current working directory
OfflineScannerShell
Usecase: Can be used to evade defensive countermeasures or to hide as a persistence mechanism
Privileges required: Administrator
OS: Windows 10
MITRE ATT&CK®: T1218