You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Tuning of this rule by adding pe.original_file_name and also adding wevtutil arg /e:false that can be used to disable tracing (e.g. LockerGoga ransomware disables WMI ETW using this command). Example of KQL:
