select * from file where path in ('/etc/.enyelkmHIDE^IT.ko');

select * from file where path in ('/usr/lib/tcl5.3');

select * from etc_hosts;

select name, publisher, type, subscriptions, events, active from osquery_events;

select * from registry where key='HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ExecutableTry'

select * from registry where key like 'HKEY_USERS\%\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ExecutableTry'

select * from fan_speed_sensors;

select firefox_addons.* from users join firefox_addons using (uid);

select * from registry where key='HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions\MitigationOptions_FontBlocking'

select * from file where path in ('/sbin/xc', '/usr/include/ivtype.h', '/bin/.lib');