description: The following analytic detects the use of PowerShell to delete shadow copies via the WMIC PowerShell module. It leverages EventCode 4104 and searches for specific keywords like ...
description: The following analytic detects the execution of "mshta.exe" with inline protocol handlers such as "JavaScript", "VBScript", and "About". It leverages data from Endpoint Detection and ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results