admin activity (unclear what they do nowadays with finger.exe)

source: <a href=https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_finger_usage.yml>sigma
technicques: t1105

Techniques

Detects suspicious aged finger.exe tool execution often used in malware attacks nowadays

condition: selection
selection:
- OriginalFileName: finger.exe
- Image|endswith: \finger.exe