GitHub

Day 100 - CScript.exe, WScript.exe or MSHTA.exe Executed from Web Browser Process.md

This query returns events where a script interpreter (cscript.exe, wscript.exe or mshta.exe) was executed from a Web browser process. The logic here is similar from the one from Day 11 query, however, ...
Bleeping Computer

WSCRIPT.EXE LGUARG.EXE.VBS Information

This is an undesirable program. This file has been identified as a program that is undesirable to have running on your computer. This consists of programs that are misleading, harmful, or undesirable.
GitHub

Day 71 - cscript.exe or wscript.exe Launched with Script Engine Parameter.md

DISCLAIMER - I'm currently sick and fighting sleepiness as I post this. As usual, I'll enhance that page with more information when I get better/get back. For now, consider this as a hunting query.
Bleeping Computer

WSCRIPT.EXE WINSTART.VBS Information

This is an undesirable program. This file has been identified as a program that is undesirable to have running on your computer. This consists of programs that are misleading, harmful, or undesirable.