Detects the execution of AdvancedRun utility
Detects use of conhost in "headless" mode. By running conhost.exe in "headless" mode, it means that no visible window will pop up on the victim's machine.
Detects suspicious command lines used in Covenant luanchers
Adversaries may use hidden windows to conceal malicious activity from the plain sight of users.
In some cases, windows that would typically be displayed when an application carries out an operation can be hidden