IOC: OfflineScannerShell.exe should not be run on a normal workstation
Execute
Execute mpclient.dll library in the current working directory
OfflineScannerShell
Usecase: Can be used to evade defensive countermeasures or to hide as a persistence mechanism
Privileges required: Administrator
OS: Windows 10
MITRE ATT&CK®: T1218