Potential Mpclient.DLL Sideloading Via OfflineScannerShell.EXE Execution (02b18447-ea83-4b1b-8805-714a8a34546a)
Detects execution of Windows Defender "OfflineScannerShell.exe" from its non standard directory. The "OfflineScannerShell.exe" binary is vulnerable to DLL side loading and will load any DLL named "mpclient.dll" from the current working directory.