# EventLog Query

- [Query for Process execution from unusual directories](/blugenie/artifacts/tactical-artifacts-by-category/eventlog-query/query-for-process-execution-from-unusual-directories.md): AID2201222048.yaml
- [Query suspicious programs processed by the Task Scheduler using the Event Log](/blugenie/artifacts/tactical-artifacts-by-category/eventlog-query/query-suspicious-programs-processed-by-the-task-scheduler-using-the-event-log.md): AID2201251952.YAML
- [Query for unusual instances of rundll32.exe via the Event Log](/blugenie/artifacts/tactical-artifacts-by-category/eventlog-query/query-for-unusual-instances-of-rundll32.exe-via-the-event-log.md)
- [Query for Unusual Instances of rundll32.exe making outbound network connections using Sysmon Data](/blugenie/artifacts/tactical-artifacts-by-category/eventlog-query/query-for-unusual-instances-of-rundll32.exe-making-outbound-network-connections-using-sysmon-data.md): AID2201251645.YAML
- [Query Suspicious PowerShell Command Line Executions](/blugenie/artifacts/tactical-artifacts-by-category/eventlog-query/query-suspicious-powershell-command-line-executions.md): AID2201251845.YAML
- [Query the Windows System Log for 104, 517, 1102](/blugenie/artifacts/tactical-artifacts-by-category/eventlog-query/query-the-windows-system-log-for-104-517-1102.md): AID2201232238.YAML
