This rule detects the execution of the extended storage procedure backdoor named Maggie in the context of Microsoft SQL server

Detects the modification of Outlook security setting to allow unprompted execution of macros.

Detects the modification of Outlook setting "LoadMacroProviderOnBoot" which if enabled allows the automatic loading of any configured VBA project/module

Detects the creation of a macro file for Outlook.

Detects the creation of a macro file for Outlook.

Detects the malicious use of a control panel item

The infrastructure for management data and operations that enables local and remote management of Windows personal computers and servers

Detects changes to 'HKCU\Software\Classes\Folder\shell\open\command\DelegateExecute'

Get-Variable is a valid PowerShell cmdlet WindowsApps is by default in the path where PowerShell is executed. So when the Get-Variable command is issued on PowerShell execution, the system first looks for the Get-Variable executable in the path and executes the malicious binary instead of looking for the PowerShell cmdlet.