Detects execution of the Add-In deployment cache updating utility (AddInUtil.exe) with suspicious Addinroot or Pipelineroot paths. An adversary may execute AddInUtil.exe with uncommon ...
description: Detects the creation of scheduled tasks by user accounts via the "schtasks" utility. # schtasks.exe /Create /tn "Microsoft\Office\Office Performance Monitor" /XML ...