⚠️ Security Warning

ClickFix lures can lead to malware and computer viruses. If you see text like this online, it's likely a scam.


FileFix (Explorer address bar)

FileFix is a social-engineering lure that coerces users into pasting a crafted string into the File Explorer address bar. The visible portion looks like a file path, but the copied content contains a hidden command (e.g., PowerShell) that executes when the user presses Enter.

Tags: windows, gui, CLI, File Explorer, GUI

Demonstration only. Do not use real payloads. The goal is user education and detection validation. Use a harmless echo.

  1. Open File Explorer

  2. Copy this benign demo string: powershell -nop -c echo DEMO

  3. Click the Explorer address bar, paste, and press Enter

  4. Observe a harmless console window printing DEMO

Mitigations:

  • User education: never paste commands into the Explorer address bar

  • Detect explorer.exe spawning powershell.exe/cmd.exe


Contributor: ClickGrab (2025-09-16)

The same address-bar behavior exists in Control Panel and many MMC shells. Use an ultra-safe demo (opens Notepad). For education only.

  1. Open Control Panel (or an MMC console)

  2. Click the address bar

  3. Paste: notepad and press Enter

  4. Notepad opens


Contributor: ClickGrab (2025-09-16)

Validate detections for FileFix + image parsing in PowerShell. This uses only benign inline data. Do not replace with live payloads.

  1. Open File Explorer

  2. Click the address bar

  3. Paste the benign command and press Enter

Mitigations:

  • Educate users: never paste commands into Explorer’s address bar

  • Detect explorer.exe spawning powershell.exe with image APIs (System.Drawing)

  • Alert on PowerShell downloading images followed by decoding/MemoryStream usage


Contributor: ClickGrab (2025-09-17)
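
The two detection mitigations above (explorer.exe spawning powershell.exe/cmd.exe, and PowerShell referencing image APIs) can be validated offline with a small triage script. This is an added example, not part of the original page: the field names follow Sysmon Event ID 1 (ParentImage, Image, CommandLine), the events are constructed, and the function names and verdict strings are illustrative assumptions.

```python
import ntpath

# Constructed sample records using Sysmon Event ID 1 field names; not real telemetry.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -nop -c echo DEMO"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad"},
    {"ParentImage": r"C:\Windows\Explorer.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -nop -c Add-Type -AssemblyName System.Drawing; "
                    "$ms = New-Object IO.MemoryStream; echo DEMO"},
    {"ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c echo DEMO"},
]

SHELLS = {"powershell.exe", "cmd.exe"}
IMAGE_MARKERS = ("system.drawing", "memorystream")  # from the third mitigation list

def basename(path):
    """Lower-cased file name of a Windows path, regardless of the host OS."""
    return ntpath.basename(path or "").lower()

def classify(event):
    """Return None, 'shell-from-explorer', or 'shell-from-explorer+image-api'."""
    child = basename(event.get("Image"))
    if basename(event.get("ParentImage")) != "explorer.exe" or child not in SHELLS:
        return None
    cmdline = (event.get("CommandLine") or "").lower()
    if child == "powershell.exe" and any(m in cmdline for m in IMAGE_MARKERS):
        return "shell-from-explorer+image-api"
    return "shell-from-explorer"

def triage(events):
    """Pair each matching event's verdict with its command line."""
    hits = []
    for event in events:
        verdict = classify(event)
        if verdict:
            hits.append((verdict, event.get("CommandLine", "")))
    return hits

if __name__ == "__main__":
    for verdict, cmdline in triage(SAMPLE_EVENTS):
        print(f"{verdict}: {cmdline}")
```

The parent-child match alone is noisy, because explorer.exe is also the parent of shells a user starts from the Start menu or a shortcut; the command-line markers are what raise a hit's priority.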