diff --git a/Exploits/CVE-2021-36934 usage detection.md b/Exploits/CVE-2021-36934 usage detection.md
index 1a9233a..8d66eed 100644
--- a/Exploits/CVE-2021-36934 usage detection.md
+++ b/Exploits/CVE-2021-36934 usage detection.md
@@ -14,11 +14,15 @@ let startTime = now(-7d);
 let endTime = now();
 DeviceProcessEvents
+| where Timestamp between (startTime..endTime)
 | where ProcessCommandLine contains "HKLM"
 | where AccountName != "system"
 #This query just looks for usage of "reg" in processes that aren't ran by system.
+let startTime = now(-7d);
+let endTime = now();
 DeviceProcessEvents
+| where Timestamp between (startTime..endTime)
 | where ProcessCommandLine contains "reg"
 | where AccountName != "system"
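Review bot: The new `let startTime = now(-7d);` / `let endTime = now();` lines added before the second `DeviceProcessEvents` block redeclare names the first query already binds; that is fine when each block is run as its own Advanced Hunting query, but if the file is ever pasted as one script the `#This query ...` line is not KQL comment syntax (`//` is) and the duplicate `let` declarations would presumably be rejected, so a one-line note in the markdown stating that the two blocks are standalone queries would remove the ambiguity. The added `| where Timestamp between (startTime..endTime)` filters are correctly placed directly after the table, before the string scans. The 7-day window is now hard-coded in both queries; a short comment that `now(-7d)` is a tuning choice rather than a property of the vulnerability would help readers adjusting it. `contains "reg"` is unchanged here but, being substring-based, also matches unrelated command lines (any path containing `reg`), which this hunk does not address.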