Update CVE-2021-36934 usage detection.md

2022-01-16 17:06:27 +02:00 · 2022-01-16 17:06:27 +02:00 · 824d453d6f
--- a/Exploits/CVE-2021-36934
+++ b/Exploits/CVE-2021-36934
@ -14,11 +14,15 @@
 let startTime = now(-7d);
 let endTime = now();
 DeviceProcessEvents
+| where Timestamp between (startTime..endTime)
 | where ProcessCommandLine contains "HKLM"
 | where AccountName != "system"

 #This query just looks for usage of "reg" in processes that aren't ran by system.
+let startTime = now(-7d);
+let endTime = now();
 DeviceProcessEvents
+| where Timestamp between (startTime..endTime)
 | where ProcessCommandLine contains "reg"
 | where AccountName != "system"