EventLog Query
Here are the articles in this section:
Query for Process execution from unusual directories
Query suspicious programs processed by the Task Scheduler using the Event Log
Query for unusual instances of rundll32.exe via the Event Log
Query for unusual instances of rundll32.exe making outbound network connections using Sysmon data
Query suspicious PowerShell command line executions
Query the Windows System Log for event IDs 104, 517, 1102