Triage: Execute!

Many environments are instrumented to log Process Execution Events, and ours is no different.
We’ll move over to this data source to see if anything untoward has been executed on the
victim's host.

Key: Set time scope to 09/01/2019 -> 01/01/2022

//Query 8//
We found an interesting file that was created after our suspicious document. Did it do
anything? (after 2022-01-09 07:59:33.749981)

tag=envolvelabs2-ProcessEvents ax hostname=="4AHX-DESKTOP"
| sort by time asc
| table
