EventLog Query

Query for Process execution from unusual directories Query suspicious programs processed by the Task Scheduler using the Event Log Query for unusual instances of rundll32.exe via the Event Log Query for Unusual Instances of rundll32.exe making outbound network connections using SysMon Data Query Suspicious Powershell Command Line Executions Query the Windows System Log for 104, 517, 1102

PreviousQuery Autorun locations for any item nested that is not digitally signed NextQuery for Process execution from unusual directories

Last updated 2 years ago