wscript and cscript execution artifact detector

drop 4688 or sysmon evtx csv · wscript/cscript patterns · deleted scripts · obfuscation flags · child process analysis · export csv · runs locally