search

EventLog Query

Query for Process execution from unusual directorieschevron-rightQuery suspicious programs processed by the Task Scheduler using the Event Logchevron-rightQuery for unusual instances of rundll32.exe via the Event Logchevron-rightQuery for Unusual Instances of rundll32.exe making outbound network connections using SysMon Datachevron-rightQuery Suspicious Powershell Command Line Executionschevron-rightQuery the Windows System Log for 104, 517, 1102chevron-right
PreviousQuery Autorun locations for any item nested that is not digitally signedNextQuery for Process execution from unusual directories

Last updated