This query returns events where a script interpreter (cscript.exe, wscript.exe or mshta.exe) was executed from a web browser process. The logic here is similar to that of the Day 11 query, however, ...
This is an undesirable program. This file has been identified as a program that is undesirable to have running on your computer. This consists of programs that are misleading, harmful, or undesirable.
DISCLAIMER - I'm currently sick and fighting sleepiness as I post this. As usual, I'll enhance that page with more information when I get better/get back. For now, consider this as a hunting query.