Windows

Appvlp.exeAppvlp.exe

Platform
Windows
Abuse functions
2
Mapped techniques
1

Description

Appvlp.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Execute. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1218. Defenders should monitor execution of Appvlp.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 2

ExecuteT1218

Execution of BAT file hosted on Webdav server.

ExecuteT1218

Local execution of process bypassing Attack Surface Reduction (ASR).

MITRE ATT&CK techniques· 1

T1218

Uses1

TypeTargetConfidenceTier
TechniqueSystem Binary Proxy Executiont1218100%live

Abuses1

TypeTargetConfidenceTier
TechniqueSystem Binary Proxy Executiont121885%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
AppLauncher.exe
LOLbin
vsls-agent.exe
LOLbin
SyncAppvPublishingServer.exe
LOLbin
AppCert.exe
LOLbin
Eventvwr.exe
LOLbin
Provlaunch.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.