Hub configuration

More info

1type: trigger

2name: sigmahq/proc_creation_win_susp_emoji_usage_in_cli_4

3description: |

4 Detects the usage of emojis in the command line, this could be a sign of potential defense evasion activity.

5filter: |

6 (evt.Meta.service == 'sysmon' && evt.Parsed.EventID == '1') && (evt.Parsed.CommandLine contains '🔸' || evt.Parsed.CommandLine contains '🔹' || evt.Parsed.CommandLine contains '🔶' || evt.Parsed.CommandLine contains '🔷' || evt.Parsed.CommandLine contains '🔳' || evt.Parsed.CommandLine contains '🔲' || evt.Parsed.CommandLine contains '▪️' || evt.Parsed.CommandLine contains '▫️' || evt.Parsed.CommandLine contains '◾️' || evt.Parsed.CommandLine contains '◽️' || evt.Parsed.CommandLine contains '◼️' || evt.Parsed.CommandLine contains '◻️' || evt.Parsed.CommandLine contains '🟥' || evt.Parsed.CommandLine contains '🟧' || evt.Parsed.CommandLine contains '🟨' || evt.Parsed.CommandLine contains '🟩' || evt.Parsed.CommandLine contains '🟦' || evt.Parsed.CommandLine contains '🟪' || evt.Parsed.CommandLine contains '⬛️' || evt.Parsed.CommandLine contains '⬜️' || evt.Parsed.CommandLine contains '🟫' || evt.Parsed.CommandLine contains '🔈' || evt.Parsed.CommandLine contains '🔇' || evt.Parsed.CommandLine contains '🔉' || evt.Parsed.CommandLine contains '🔊' || evt.Parsed.CommandLine contains '🔔' || evt.Parsed.CommandLine contains '🔕' || evt.Parsed.CommandLine contains '📣' || evt.Parsed.CommandLine contains '📢' || evt.Parsed.CommandLine contains '👁‍🗨' || evt.Parsed.CommandLine contains '💬' || evt.Parsed.CommandLine contains '💭' || evt.Parsed.CommandLine contains '🗯' || evt.Parsed.CommandLine contains '♠️' || evt.Parsed.CommandLine contains '♣️' || evt.Parsed.CommandLine contains '♥️' || evt.Parsed.CommandLine contains '♦️' || evt.Parsed.CommandLine contains '🃏' || evt.Parsed.CommandLine contains '🎴' || evt.Parsed.CommandLine contains '🀄️' || evt.Parsed.CommandLine contains '🕐' || evt.Parsed.CommandLine contains '🕑' || evt.Parsed.CommandLine contains '🕒' || evt.Parsed.CommandLine contains '🕓' || evt.Parsed.CommandLine contains '🕔' || evt.Parsed.CommandLine contains '🕕' || evt.Parsed.CommandLine contains '🕖' || evt.Parsed.CommandLine contains '🕗' || evt.Parsed.CommandLine contains '🕘' || evt.Parsed.CommandLine contains '🕙' || evt.Parsed.CommandLine contains '🕚' || evt.Parsed.CommandLine contains '🕛' || evt.Parsed.CommandLine contains '🕜' || evt.Parsed.CommandLine contains '🕝' || evt.Parsed.CommandLine contains '🕞' || evt.Parsed.CommandLine contains '🕟' || evt.Parsed.CommandLine contains '🕠' || evt.Parsed.CommandLine contains '🕡' || evt.Parsed.CommandLine contains '🕢' || evt.Parsed.CommandLine contains '🕣' || evt.Parsed.CommandLine contains '🕤' || evt.Parsed.CommandLine contains '🕥' || evt.Parsed.CommandLine contains '🕦' || evt.Parsed.CommandLine contains '🕧✢' || evt.Parsed.CommandLine contains '✣' || evt.Parsed.CommandLine contains '✤' || evt.Parsed.CommandLine contains '✥' || evt.Parsed.CommandLine contains '✦' || evt.Parsed.CommandLine contains '✧' || evt.Parsed.CommandLine contains '★' || evt.Parsed.CommandLine contains '☆' || evt.Parsed.CommandLine contains '✯' || evt.Parsed.CommandLine contains '✡︎' || evt.Parsed.CommandLine contains '✩' || evt.Parsed.CommandLine contains '✪' || evt.Parsed.CommandLine contains '✫' || evt.Parsed.CommandLine contains '✬' || evt.Parsed.CommandLine contains '✭' || evt.Parsed.CommandLine contains '✮' || evt.Parsed.CommandLine contains '✶' || evt.Parsed.CommandLine contains '✷' || evt.Parsed.CommandLine contains '✵' || evt.Parsed.CommandLine contains '✸' || evt.Parsed.CommandLine contains '✹' || evt.Parsed.CommandLine contains '→' || evt.Parsed.CommandLine contains '⇒' || evt.Parsed.CommandLine contains '⟹' || evt.Parsed.CommandLine contains '⇨' || evt.Parsed.CommandLine contains '⇾' || evt.Parsed.CommandLine contains '➾' || evt.Parsed.CommandLine contains '⇢' || evt.Parsed.CommandLine contains '☛' || evt.Parsed.CommandLine contains '☞' || evt.Parsed.CommandLine contains '➔' || evt.Parsed.CommandLine contains '➜' || evt.Parsed.CommandLine contains '➙' || evt.Parsed.CommandLine contains '➛' || evt.Parsed.CommandLine contains '➝' || evt.Parsed.CommandLine contains '➞' || evt.Parsed.CommandLine contains '♠︎' || evt.Parsed.CommandLine contains '♣︎' || evt.Parsed.CommandLine contains '♥︎' || evt.Parsed.CommandLine contains '♦︎' || evt.Parsed.CommandLine contains '♤' || evt.Parsed.CommandLine contains '♧' || evt.Parsed.CommandLine contains '♡' || evt.Parsed.CommandLine contains '♢' || evt.Parsed.CommandLine contains '♚' || evt.Parsed.CommandLine contains '♛' || evt.Parsed.CommandLine contains '♜' || evt.Parsed.CommandLine contains '♝' || evt.Parsed.CommandLine contains '♞' || evt.Parsed.CommandLine contains '♟' || evt.Parsed.CommandLine contains '♔' || evt.Parsed.CommandLine contains '♕' || evt.Parsed.CommandLine contains '♖' || evt.Parsed.CommandLine contains '♗' || evt.Parsed.CommandLine contains '♘' || evt.Parsed.CommandLine contains '♙' || evt.Parsed.CommandLine contains '⚀' || evt.Parsed.CommandLine contains '⚁' || evt.Parsed.CommandLine contains '⚂' || evt.Parsed.CommandLine contains '⚃' || evt.Parsed.CommandLine contains '⚄' || evt.Parsed.CommandLine contains '⚅' || evt.Parsed.CommandLine contains '🂠' || evt.Parsed.CommandLine contains '⚈' || evt.Parsed.CommandLine contains '⚉' || evt.Parsed.CommandLine contains '⚆' || evt.Parsed.CommandLine contains '⚇' || evt.Parsed.CommandLine contains '𓀀' || evt.Parsed.CommandLine contains '𓀁' || evt.Parsed.CommandLine contains '𓀂' || evt.Parsed.CommandLine contains '𓀃' || evt.Parsed.CommandLine contains '𓀄' || evt.Parsed.CommandLine contains '𓀅' || evt.Parsed.CommandLine contains '𓀆' || evt.Parsed.CommandLine contains '𓀇' || evt.Parsed.CommandLine contains '𓀈' || evt.Parsed.CommandLine contains '𓀉' || evt.Parsed.CommandLine contains '𓀊' || evt.Parsed.CommandLine contains '𓀋' || evt.Parsed.CommandLine contains '𓀌' || evt.Parsed.CommandLine contains '𓀍' || evt.Parsed.CommandLine contains '𓀎' || evt.Parsed.CommandLine contains '𓀏' || evt.Parsed.CommandLine contains '𓀐' || evt.Parsed.CommandLine contains '𓀑' || evt.Parsed.CommandLine contains '𓀒' || evt.Parsed.CommandLine contains '𓀓' || evt.Parsed.CommandLine contains '𓀔' || evt.Parsed.CommandLine contains '𓀕' || evt.Parsed.CommandLine contains '𓀖' || evt.Parsed.CommandLine contains '𓀗' || evt.Parsed.CommandLine contains '𓀘' || evt.Parsed.CommandLine contains '𓀙' || evt.Parsed.CommandLine contains '𓀚' || evt.Parsed.CommandLine contains '𓀛' || evt.Parsed.CommandLine contains '𓀜' || evt.Parsed.CommandLine contains '𓀝🏳️' || evt.Parsed.CommandLine contains '🏴' || evt.Parsed.CommandLine contains '🏁' || evt.Parsed.CommandLine contains '🚩' || evt.Parsed.CommandLine contains '🏳️‍🌈' || evt.Parsed.CommandLine contains '🏳️‍⚧️' || evt.Parsed.CommandLine contains '🏴‍☠️' || evt.Parsed.CommandLine contains '🇦🇫' || evt.Parsed.CommandLine contains '🇦🇽' || evt.Parsed.CommandLine contains '🇦🇱' || evt.Parsed.CommandLine contains '🇩🇿' || evt.Parsed.CommandLine contains '🇦🇸' || evt.Parsed.CommandLine contains '🇦🇩' || evt.Parsed.CommandLine contains '🇦🇴' || evt.Parsed.CommandLine contains '🇦🇮' || evt.Parsed.CommandLine contains '🇦🇶' || evt.Parsed.CommandLine contains '🇦🇬' || evt.Parsed.CommandLine contains '🇦🇷' || evt.Parsed.CommandLine contains '🇦🇲' || evt.Parsed.CommandLine contains '🇦🇼' || evt.Parsed.CommandLine contains '🇦🇺' || evt.Parsed.CommandLine contains '🇦🇹' || evt.Parsed.CommandLine contains '🇦🇿' || evt.Parsed.CommandLine contains '🇧🇸' || evt.Parsed.CommandLine contains '🇧🇭' || evt.Parsed.CommandLine contains '🇧🇩' || evt.Parsed.CommandLine contains '🇧🇧' || evt.Parsed.CommandLine contains '🇧🇾' || evt.Parsed.CommandLine contains '🇧🇪' || evt.Parsed.CommandLine contains '🇧🇿' || evt.Parsed.CommandLine contains '🇧🇯' || evt.Parsed.CommandLine contains '🇧🇲' || evt.Parsed.CommandLine contains '🇧🇹' || evt.Parsed.CommandLine contains '🇧🇴' || evt.Parsed.CommandLine contains '🇧🇦' || evt.Parsed.CommandLine contains '🇧🇼' || evt.Parsed.CommandLine contains '🇧🇷' || evt.Parsed.CommandLine contains '🇮🇴' || evt.Parsed.CommandLine contains '🇻🇬' || evt.Parsed.CommandLine contains '🇧🇳' || evt.Parsed.CommandLine contains '🇧🇬' || evt.Parsed.CommandLine contains '🇧🇫' || evt.Parsed.CommandLine contains '🇧🇮' || evt.Parsed.CommandLine contains '🇰🇭' || evt.Parsed.CommandLine contains '🇨🇲' || evt.Parsed.CommandLine contains '🇨🇦' || evt.Parsed.CommandLine contains '🇮🇨' || evt.Parsed.CommandLine contains '🇨🇻' || evt.Parsed.CommandLine contains '🇧🇶' || evt.Parsed.CommandLine contains '🇰🇾' || evt.Parsed.CommandLine contains '🇨🇫' || evt.Parsed.CommandLine contains '🇹🇩' || evt.Parsed.CommandLine contains '🇨🇱' || evt.Parsed.CommandLine contains '🇨🇳' || evt.Parsed.CommandLine contains '🇨🇽' || evt.Parsed.CommandLine contains '🇨🇨' || evt.Parsed.CommandLine contains '🇨🇴' || evt.Parsed.CommandLine contains '🇰🇲' || evt.Parsed.CommandLine contains '🇨🇬' || evt.Parsed.CommandLine contains '🇨🇩' || evt.Parsed.CommandLine contains '🇨🇰' || evt.Parsed.CommandLine contains '🇨🇷' || evt.Parsed.CommandLine contains '🇨🇮' || evt.Parsed.CommandLine contains '🇭🇷' || evt.Parsed.CommandLine contains '🇨🇺' || evt.Parsed.CommandLine contains '🇨🇼' || evt.Parsed.CommandLine contains '🇨🇾' || evt.Parsed.CommandLine contains '🇨🇿' || evt.Parsed.CommandLine contains '🇩🇰' || evt.Parsed.CommandLine contains '🇩🇯' || evt.Parsed.CommandLine contains '🇩🇲' || evt.Parsed.CommandLine contains '🇩🇴' || evt.Parsed.CommandLine contains '🇪🇨' || evt.Parsed.CommandLine contains '🇪🇬' || evt.Parsed.CommandLine contains '🇸🇻' || evt.Parsed.CommandLine contains '🇬🇶' || evt.Parsed.CommandLine contains '🇪🇷' || evt.Parsed.CommandLine contains '🇪🇪' || evt.Parsed.CommandLine contains '🇪🇹' || evt.Parsed.CommandLine contains '🇪🇺' || evt.Parsed.CommandLine contains '🇫🇰' || evt.Parsed.CommandLine contains '🇫🇴' || evt.Parsed.CommandLine contains '🇫🇯' || evt.Parsed.CommandLine contains '🇫🇮' || evt.Parsed.CommandLine contains '🇫🇷' || evt.Parsed.CommandLine contains '🇬🇫' || evt.Parsed.CommandLine contains '🇵🇫' || evt.Parsed.CommandLine contains '🇹🇫' || evt.Parsed.CommandLine contains '🇬🇦' || evt.Parsed.CommandLine contains '🇬🇲' || evt.Parsed.CommandLine contains '🇬🇪' || evt.Parsed.CommandLine contains '🇩🇪' || evt.Parsed.CommandLine contains '🇬🇭' || evt.Parsed.CommandLine contains '🇬🇮' || evt.Parsed.CommandLine contains '🇬🇷' || evt.Parsed.CommandLine contains '🇬🇱' || evt.Parsed.CommandLine contains '🇬🇩' || evt.Parsed.CommandLine contains '🇬🇵' || evt.Parsed.CommandLine contains '🇬🇺' || evt.Parsed.CommandLine contains '🇬🇹' || evt.Parsed.CommandLine contains '🇬🇬' || evt.Parsed.CommandLine contains '🇬🇳' || evt.Parsed.CommandLine contains '🇬🇼' || evt.Parsed.CommandLine contains '🇬🇾' || evt.Parsed.CommandLine contains '🇭🇹' || evt.Parsed.CommandLine contains '🇭🇳' || evt.Parsed.CommandLine contains '🇭🇰' || evt.Parsed.CommandLine contains '🇭🇺' || evt.Parsed.CommandLine contains '🇮🇸' || evt.Parsed.CommandLine contains '🇮🇳' || evt.Parsed.CommandLine contains '🇮🇩' || evt.Parsed.CommandLine contains '🇮🇷' || evt.Parsed.CommandLine contains '🇮🇶' || evt.Parsed.CommandLine contains '🇮🇪' || evt.Parsed.CommandLine contains '🇮🇲' || evt.Parsed.CommandLine contains '🇮🇱' || evt.Parsed.CommandLine contains '🇮🇹' || evt.Parsed.CommandLine contains '🇯🇲' || evt.Parsed.CommandLine contains '🇯🇵' || evt.Parsed.CommandLine contains '🎌' || evt.Parsed.CommandLine contains '🇯🇪' || evt.Parsed.CommandLine contains '🇯🇴' || evt.Parsed.CommandLine contains '🇰🇿' || evt.Parsed.CommandLine contains '🇰🇪' || evt.Parsed.CommandLine contains '🇰🇮' || evt.Parsed.CommandLine contains '🇽🇰' || evt.Parsed.CommandLine contains '🇰🇼' || evt.Parsed.CommandLine contains '🇰🇬' || evt.Parsed.CommandLine contains '🇱🇦' || evt.Parsed.CommandLine contains '🇱🇻' || evt.Parsed.CommandLine contains '🇱🇧' || evt.Parsed.CommandLine contains '🇱🇸' || evt.Parsed.CommandLine contains '🇱🇷' || evt.Parsed.CommandLine contains '🇱🇾' || evt.Parsed.CommandLine contains '🇱🇮' || evt.Parsed.CommandLine contains '🇱🇹' || evt.Parsed.CommandLine contains '🇱🇺' || evt.Parsed.CommandLine contains '🇲🇴' || evt.Parsed.CommandLine contains '🇲🇰' || evt.Parsed.CommandLine contains '🇲🇬' || evt.Parsed.CommandLine contains '🇲🇼' || evt.Parsed.CommandLine contains '🇲🇾' || evt.Parsed.CommandLine contains '🇲🇻' || evt.Parsed.CommandLine contains '🇲🇱' || evt.Parsed.CommandLine contains '🇲🇹' || evt.Parsed.CommandLine contains '🇲🇭' || evt.Parsed.CommandLine contains '🇲🇶' || evt.Parsed.CommandLine contains '🇲🇷' || evt.Parsed.CommandLine contains '🇲🇺' || evt.Parsed.CommandLine contains '🇾🇹' || evt.Parsed.CommandLine contains '🇲🇽' || evt.Parsed.CommandLine contains '🇫🇲' || evt.Parsed.CommandLine contains '🇲🇩' || evt.Parsed.CommandLine contains '🇲🇨' || evt.Parsed.CommandLine contains '🇲🇳' || evt.Parsed.CommandLine contains '🇲🇪' || evt.Parsed.CommandLine contains '🇲🇸' || evt.Parsed.CommandLine contains '🇲🇦' || evt.Parsed.CommandLine contains '🇲🇿' || evt.Parsed.CommandLine contains '🇲🇲' || evt.Parsed.CommandLine contains '🇳🇦' || evt.Parsed.CommandLine contains '🇳🇷' || evt.Parsed.CommandLine contains '🇳🇵' || evt.Parsed.CommandLine contains '🇳🇱' || evt.Parsed.CommandLine contains '🇳🇨' || evt.Parsed.CommandLine contains '🇳🇿' || evt.Parsed.CommandLine contains '🇳🇮' || evt.Parsed.CommandLine contains '🇳🇪' || evt.Parsed.CommandLine contains '🇳🇬' || evt.Parsed.CommandLine contains '🇳🇺' || evt.Parsed.CommandLine contains '🇳🇫' || evt.Parsed.CommandLine contains '🇰🇵' || evt.Parsed.CommandLine contains '🇲🇵' || evt.Parsed.CommandLine contains '🇳🇴' || evt.Parsed.CommandLine contains '🇴🇲' || evt.Parsed.CommandLine contains '🇵🇰' || evt.Parsed.CommandLine contains '🇵🇼' || evt.Parsed.CommandLine contains '🇵🇸' || evt.Parsed.CommandLine contains '🇵🇦' || evt.Parsed.CommandLine contains '🇵🇬' || evt.Parsed.CommandLine contains '🇵🇾' || evt.Parsed.CommandLine contains '🇵🇪' || evt.Parsed.CommandLine contains '🇵🇭' || evt.Parsed.CommandLine contains '🇵🇳' || evt.Parsed.CommandLine contains '🇵🇱' || evt.Parsed.CommandLine contains '🇵🇹' || evt.Parsed.CommandLine contains '🇵🇷' || evt.Parsed.CommandLine contains '🇶🇦' || evt.Parsed.CommandLine contains '🇷🇪' || evt.Parsed.CommandLine contains '🇷🇴' || evt.Parsed.CommandLine contains '🇷🇺' || evt.Parsed.CommandLine contains '🇷🇼' || evt.Parsed.CommandLine contains '🇼🇸' || evt.Parsed.CommandLine contains '🇸🇲' || evt.Parsed.CommandLine contains '🇸🇦' || evt.Parsed.CommandLine contains '🇸🇳' || evt.Parsed.CommandLine contains '🇷🇸' || evt.Parsed.CommandLine contains '🇸🇨' || evt.Parsed.CommandLine contains '🇸🇱' || evt.Parsed.CommandLine contains '🇸🇬' || evt.Parsed.CommandLine contains '🇸🇽' || evt.Parsed.CommandLine contains '🇸🇰' || evt.Parsed.CommandLine contains '🇸🇮' || evt.Parsed.CommandLine contains '🇬🇸' || evt.Parsed.CommandLine contains '🇸🇧' || evt.Parsed.CommandLine contains '🇸🇴' || evt.Parsed.CommandLine contains '🇿🇦' || evt.Parsed.CommandLine contains '🇰🇷' || evt.Parsed.CommandLine contains '🇸🇸' || evt.Parsed.CommandLine contains '🇪🇸' || evt.Parsed.CommandLine contains '🇱🇰' || evt.Parsed.CommandLine contains '🇧🇱' || evt.Parsed.CommandLine contains '🇸🇭' || evt.Parsed.CommandLine contains '🇰🇳' || evt.Parsed.CommandLine contains '🇱🇨' || evt.Parsed.CommandLine contains '🇵🇲' || evt.Parsed.CommandLine contains '🇻🇨' || evt.Parsed.CommandLine contains '🇸🇩' || evt.Parsed.CommandLine contains '🇸🇷' || evt.Parsed.CommandLine contains '🇸🇿' || evt.Parsed.CommandLine contains '🇸🇪' || evt.Parsed.CommandLine contains '🇨🇭' || evt.Parsed.CommandLine contains '🇸🇾' || evt.Parsed.CommandLine contains '🇹🇼' || evt.Parsed.CommandLine contains '🇹🇯' || evt.Parsed.CommandLine contains '🇹🇿' || evt.Parsed.CommandLine contains '🇹🇭' || evt.Parsed.CommandLine contains '🇹🇱' || evt.Parsed.CommandLine contains '🇹🇬' || evt.Parsed.CommandLine contains '🇹🇰' || evt.Parsed.CommandLine contains '🇹🇴' || evt.Parsed.CommandLine contains '🇹🇹' || evt.Parsed.CommandLine contains '🇹🇳' || evt.Parsed.CommandLine contains '🇹🇷' || evt.Parsed.CommandLine contains '🇹🇲' || evt.Parsed.CommandLine contains '🇹🇨' || evt.Parsed.CommandLine contains '🇹🇻' || evt.Parsed.CommandLine contains '🇻🇮' || evt.Parsed.CommandLine contains '🇺🇬' || evt.Parsed.CommandLine contains '🇺🇦' || evt.Parsed.CommandLine contains '🇦🇪' || evt.Parsed.CommandLine contains '🇬🇧' || evt.Parsed.CommandLine contains '🏴󠁧󠁢󠁥󠁮󠁧󠁿' || evt.Parsed.CommandLine contains '🏴󠁧󠁢󠁳󠁣󠁴󠁿' || evt.Parsed.CommandLine contains '🏴󠁧󠁢󠁷󠁬󠁳󠁿' || evt.Parsed.CommandLine contains '🇺🇳' || evt.Parsed.CommandLine contains '🇺🇸' || evt.Parsed.CommandLine contains '🇺🇾' || evt.Parsed.CommandLine contains '🇺🇿' || evt.Parsed.CommandLine contains '🇻🇺' || evt.Parsed.CommandLine contains '🇻🇦' || evt.Parsed.CommandLine contains '🇻🇪' || evt.Parsed.CommandLine contains '🇻🇳' || evt.Parsed.CommandLine contains '🇼🇫' || evt.Parsed.CommandLine contains '🇪🇭' || evt.Parsed.CommandLine contains '🇾🇪' || evt.Parsed.CommandLine contains '🇿🇲' || evt.Parsed.CommandLine contains '🇿🇼🫠' || evt.Parsed.CommandLine contains '🫢' || evt.Parsed.CommandLine contains '🫣' || evt.Parsed.CommandLine contains '🫡' || evt.Parsed.CommandLine contains '🫥' || evt.Parsed.CommandLine contains '🫤' || evt.Parsed.CommandLine contains '🥹' || evt.Parsed.CommandLine contains '🫱' || evt.Parsed.CommandLine contains '🫱🏻' || evt.Parsed.CommandLine contains '🫱🏼' || evt.Parsed.CommandLine contains '🫱🏽' || evt.Parsed.CommandLine contains '🫱🏾' || evt.Parsed.CommandLine contains '🫱🏿' || evt.Parsed.CommandLine contains '🫲' || evt.Parsed.CommandLine contains '🫲🏻' || evt.Parsed.CommandLine contains '🫲🏼' || evt.Parsed.CommandLine contains '🫲🏽' || evt.Parsed.CommandLine contains '🫲🏾' || evt.Parsed.CommandLine contains '🫲🏿' || evt.Parsed.CommandLine contains '🫳' || evt.Parsed.CommandLine contains '🫳🏻' || evt.Parsed.CommandLine contains '🫳🏼' || evt.Parsed.CommandLine contains '🫳🏽' || evt.Parsed.CommandLine contains '🫳🏾' || evt.Parsed.CommandLine contains '🫳🏿' || evt.Parsed.CommandLine contains '🫴' || evt.Parsed.CommandLine contains '🫴🏻' || evt.Parsed.CommandLine contains '🫴🏼' || evt.Parsed.CommandLine contains '🫴🏽' || evt.Parsed.CommandLine contains '🫴🏾' || evt.Parsed.CommandLine contains '🫴🏿' || evt.Parsed.CommandLine contains '🫰' || evt.Parsed.CommandLine contains '🫰🏻' || evt.Parsed.CommandLine contains '🫰🏼' || evt.Parsed.CommandLine contains '🫰🏽' || evt.Parsed.CommandLine contains '🫰🏾' || evt.Parsed.CommandLine contains '🫰🏿' || evt.Parsed.CommandLine contains '🫵' || evt.Parsed.CommandLine contains '🫵🏻' || evt.Parsed.CommandLine contains '🫵🏼' || evt.Parsed.CommandLine contains '🫵🏽' || evt.Parsed.CommandLine contains '🫵🏾' || evt.Parsed.CommandLine contains '🫵🏿' || evt.Parsed.CommandLine contains '🫶' || evt.Parsed.CommandLine contains '🫶🏻' || evt.Parsed.CommandLine contains '🫶🏼' || evt.Parsed.CommandLine contains '🫶🏽' || evt.Parsed.CommandLine contains '🫶🏾' || evt.Parsed.CommandLine contains '🫶🏿' || evt.Parsed.CommandLine contains '🤝🏻' || evt.Parsed.CommandLine contains '🤝🏼' || evt.Parsed.CommandLine contains '🤝🏽' || evt.Parsed.CommandLine contains '🤝🏾' || evt.Parsed.CommandLine contains '🤝🏿' || evt.Parsed.CommandLine contains '🫱🏻‍🫲🏼' || evt.Parsed.CommandLine contains '🫱🏻‍🫲🏽' || evt.Parsed.CommandLine contains '🫱🏻‍🫲🏾' || evt.Parsed.CommandLine contains '🫱🏻‍🫲🏿' || evt.Parsed.CommandLine contains '🫱🏼‍🫲🏻' || evt.Parsed.CommandLine contains '🫱🏼‍🫲🏽' || evt.Parsed.CommandLine contains '🫱🏼‍🫲🏾' || evt.Parsed.CommandLine contains '🫱🏼‍🫲🏿' || evt.Parsed.CommandLine contains '🫱🏽‍🫲🏻' || evt.Parsed.CommandLine contains '🫱🏽‍🫲🏼' || evt.Parsed.CommandLine contains '🫱🏽‍🫲🏾' || evt.Parsed.CommandLine contains '🫱🏽‍🫲🏿' || evt.Parsed.CommandLine contains '🫱🏾‍🫲🏻' || evt.Parsed.CommandLine contains '🫱🏾‍🫲🏼' || evt.Parsed.CommandLine contains '🫱🏾‍🫲🏽' || evt.Parsed.CommandLine contains '🫱🏾‍🫲🏿' || evt.Parsed.CommandLine contains '🫱🏿‍🫲🏻' || evt.Parsed.CommandLine contains '🫱🏿‍🫲🏼' || evt.Parsed.CommandLine contains '🫱🏿‍🫲🏽' || evt.Parsed.CommandLine contains '🫱🏿‍🫲🏾' || evt.Parsed.CommandLine contains '🫦' || evt.Parsed.CommandLine contains '🫅' || evt.Parsed.CommandLine contains '🫅🏻' || evt.Parsed.CommandLine contains '🫅🏼' || evt.Parsed.CommandLine contains '🫅🏽' || evt.Parsed.CommandLine contains '🫅🏾' || evt.Parsed.CommandLine contains '🫅🏿' || evt.Parsed.CommandLine contains '🫃' || evt.Parsed.CommandLine contains '🫃🏻' || evt.Parsed.CommandLine contains '🫃🏼' || evt.Parsed.CommandLine contains '🫃🏽' || evt.Parsed.CommandLine contains '🫃🏾' || evt.Parsed.CommandLine contains '🫃🏿' || evt.Parsed.CommandLine contains '🫄' || evt.Parsed.CommandLine contains '🫄🏻' || evt.Parsed.CommandLine contains '🫄🏼' || evt.Parsed.CommandLine contains '🫄🏽' || evt.Parsed.CommandLine contains '🫄🏾' || evt.Parsed.CommandLine contains '🫄🏿' || evt.Parsed.CommandLine contains '🧌' || evt.Parsed.CommandLine contains '🪸' || evt.Parsed.CommandLine contains '🪷' || evt.Parsed.CommandLine contains '🪹' || evt.Parsed.CommandLine contains '🪺' || evt.Parsed.CommandLine contains '🫘' || evt.Parsed.CommandLine contains '🫗' || evt.Parsed.CommandLine contains '🫙' || evt.Parsed.CommandLine contains '🛝' || evt.Parsed.CommandLine contains '🛞' || evt.Parsed.CommandLine contains '🛟' || evt.Parsed.CommandLine contains '🪬' || evt.Parsed.CommandLine contains '🪩' || evt.Parsed.CommandLine contains '🪫' || evt.Parsed.CommandLine contains '🩼' || evt.Parsed.CommandLine contains '🩻' || evt.Parsed.CommandLine contains '🫧' || evt.Parsed.CommandLine contains '🪪' || evt.Parsed.CommandLine contains '🟰' || evt.Parsed.CommandLine contains '😮‍💨' || evt.Parsed.CommandLine contains '😵‍💫' || evt.Parsed.CommandLine contains '😶‍🌫️' || evt.Parsed.CommandLine contains '❤️‍🔥' || evt.Parsed.CommandLine contains '❤️‍🩹' || evt.Parsed.CommandLine contains '🧔‍♀️' || evt.Parsed.CommandLine contains '🧔🏻‍♀️' || evt.Parsed.CommandLine contains '🧔🏼‍♀️' || evt.Parsed.CommandLine contains '🧔🏽‍♀️' || evt.Parsed.CommandLine contains '🧔🏾‍♀️' || evt.Parsed.CommandLine contains '🧔🏿‍♀️' || evt.Parsed.CommandLine contains '🧔‍♂️' || evt.Parsed.CommandLine contains '🧔🏻‍♂️' || evt.Parsed.CommandLine contains '🧔🏼‍♂️' || evt.Parsed.CommandLine contains '🧔🏽‍♂️' || evt.Parsed.CommandLine contains '🧔🏾‍♂️' || evt.Parsed.CommandLine contains '🧔🏿‍♂️' || evt.Parsed.CommandLine contains '💑🏻' || evt.Parsed.CommandLine contains '💑🏼' || evt.Parsed.CommandLine contains '💑🏽' || evt.Parsed.CommandLine contains '💑🏾' || evt.Parsed.CommandLine contains '💑🏿' || evt.Parsed.CommandLine contains '💏🏻' || evt.Parsed.CommandLine contains '💏🏼' || evt.Parsed.CommandLine contains '💏🏽' || evt.Parsed.CommandLine contains '💏🏾' || evt.Parsed.CommandLine contains '💏🏿' || evt.Parsed.CommandLine contains '👨🏻‍❤️‍👨🏻' || evt.Parsed.CommandLine contains '👨🏻‍❤️‍👨🏼' || evt.Parsed.CommandLine contains '👨🏻‍❤️‍👨🏽' || evt.Parsed.CommandLine contains '👨🏻‍❤️‍👨🏾' || evt.Parsed.CommandLine contains '👨🏻‍❤️‍👨🏿' || evt.Parsed.CommandLine contains '👨🏼‍❤️‍👨🏻' || evt.Parsed.CommandLine contains '👨🏼‍❤️‍👨🏼' || evt.Parsed.CommandLine contains '👨🏼‍❤️‍👨🏽' || evt.Parsed.CommandLine contains '👨🏼‍❤️‍👨🏾' || evt.Parsed.CommandLine contains '👨🏼‍❤️‍👨🏿' || evt.Parsed.CommandLine contains '👨🏽‍❤️‍👨🏻' || evt.Parsed.CommandLine contains '👨🏽‍❤️‍👨🏼' || evt.Parsed.CommandLine contains '👨🏽‍❤️‍👨🏽' || evt.Parsed.CommandLine contains '👨🏽‍❤️‍👨🏾' || evt.Parsed.CommandLine contains '👨🏽‍❤️‍👨🏿' || evt.Parsed.CommandLine contains '👨🏾‍❤️‍👨🏻' || evt.Parsed.CommandLine contains '👨🏾‍❤️‍👨🏼' || evt.Parsed.CommandLine contains '👨🏾‍❤️‍👨🏽' || evt.Parsed.CommandLine contains '👨🏾‍❤️‍👨🏾' || evt.Parsed.CommandLine contains '👨🏾‍❤️‍👨🏿' || evt.Parsed.CommandLine contains '👨🏿‍❤️‍👨🏻' || evt.Parsed.CommandLine contains '👨🏿‍❤️‍👨🏼' || evt.Parsed.CommandLine contains '👨🏿‍❤️‍👨🏽' || evt.Parsed.CommandLine contains '👨🏿‍❤️‍👨🏾' || evt.Parsed.CommandLine contains '👨🏿‍❤️‍👨🏿' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍👨🏻' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍👨🏼' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍👨🏽' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍👨🏾' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍👨🏿' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍👩🏻' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍👩🏼' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍👩🏽' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍👩🏾' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍👩🏿' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍👨🏻' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍👨🏼' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍👨🏽' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍👨🏾' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍👨🏿' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍👩🏻' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍👩🏼' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍👩🏽' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍👩🏾' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍👩🏿' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍👨🏻' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍👨🏼' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍👨🏽' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍👨🏾' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍👨🏿' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍👩🏻' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍👩🏼' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍👩🏽' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍👩🏾' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍👩🏿' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍👨🏻' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍👨🏼' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍👨🏽' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍👨🏾' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍👨🏿' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍👩🏻' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍👩🏼' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍👩🏽' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍👩🏾' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍👩🏿' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍👨🏻' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍👨🏼' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍👨🏽' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍👨🏾' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍👨🏿' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍👩🏻' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍👩🏼' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍👩🏽' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍👩🏾' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍👩🏿' || evt.Parsed.CommandLine contains '🧑🏻‍❤️‍🧑🏼' || evt.Parsed.CommandLine contains '🧑🏻‍❤️‍🧑🏽' || evt.Parsed.CommandLine contains '🧑🏻‍❤️‍🧑🏾' || evt.Parsed.CommandLine contains '🧑🏻‍❤️‍🧑🏿' || evt.Parsed.CommandLine contains '🧑🏼‍❤️‍🧑🏻' || evt.Parsed.CommandLine contains '🧑🏼‍❤️‍🧑🏽' || evt.Parsed.CommandLine contains '🧑🏼‍❤️‍🧑🏾' || evt.Parsed.CommandLine contains '🧑🏼‍❤️‍🧑🏿' || evt.Parsed.CommandLine contains '🧑🏽‍❤️‍🧑🏻' || evt.Parsed.CommandLine contains '🧑🏽‍❤️‍🧑🏼' || evt.Parsed.CommandLine contains '🧑🏽‍❤️‍🧑🏾' || evt.Parsed.CommandLine contains '🧑🏽‍❤️‍🧑🏿' || evt.Parsed.CommandLine contains '🧑🏾‍❤️‍🧑🏻' || evt.Parsed.CommandLine contains '🧑🏾‍❤️‍🧑🏼' || evt.Parsed.CommandLine contains '🧑🏾‍❤️‍🧑🏽' || evt.Parsed.CommandLine contains '🧑🏾‍❤️‍🧑🏿' || evt.Parsed.CommandLine contains '🧑🏿‍❤️‍🧑🏻' || evt.Parsed.CommandLine contains '🧑🏿‍❤️‍🧑🏼' || evt.Parsed.CommandLine contains '🧑🏿‍❤️‍🧑🏽' || evt.Parsed.CommandLine contains '🧑🏿‍❤️‍🧑🏾' || evt.Parsed.CommandLine contains '👨🏻‍❤️‍💋‍👨🏻' || evt.Parsed.CommandLine contains '👨🏻‍❤️‍💋‍👨🏼' || evt.Parsed.CommandLine contains '👨🏻‍❤️‍💋‍👨🏽' || evt.Parsed.CommandLine contains '👨🏻‍❤️‍💋‍👨🏾' || evt.Parsed.CommandLine contains '👨🏻‍❤️‍💋‍👨🏿' || evt.Parsed.CommandLine contains '👨🏼‍❤️‍💋‍👨🏻' || evt.Parsed.CommandLine contains '👨🏼‍❤️‍💋‍👨🏼' || evt.Parsed.CommandLine contains '👨🏼‍❤️‍💋‍👨🏽' || evt.Parsed.CommandLine contains '👨🏼‍❤️‍💋‍👨🏾' || evt.Parsed.CommandLine contains '👨🏼‍❤️‍💋‍👨🏿' || evt.Parsed.CommandLine contains '👨🏽‍❤️‍💋‍👨🏻' || evt.Parsed.CommandLine contains '👨🏽‍❤️‍💋‍👨🏼' || evt.Parsed.CommandLine contains '👨🏽‍❤️‍💋‍👨🏽' || evt.Parsed.CommandLine contains '👨🏽‍❤️‍💋‍👨🏾' || evt.Parsed.CommandLine contains '👨🏽‍❤️‍💋‍👨🏿' || evt.Parsed.CommandLine contains '👨🏾‍❤️‍💋‍👨🏻' || evt.Parsed.CommandLine contains '👨🏾‍❤️‍💋‍👨🏼' || evt.Parsed.CommandLine contains '👨🏾‍❤️‍💋‍👨🏽' || evt.Parsed.CommandLine contains '👨🏾‍❤️‍💋‍👨🏾' || evt.Parsed.CommandLine contains '👨🏾‍❤️‍💋‍👨🏿' || evt.Parsed.CommandLine contains '👨🏿‍❤️‍💋‍👨🏻' || evt.Parsed.CommandLine contains '👨🏿‍❤️‍💋‍👨🏼' || evt.Parsed.CommandLine contains '👨🏿‍❤️‍💋‍👨🏽' || evt.Parsed.CommandLine contains '👨🏿‍❤️‍💋‍👨🏾' || evt.Parsed.CommandLine contains '👨🏿‍❤️‍💋‍👨🏿' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍💋‍👨🏻' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍💋‍👨🏼' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍💋‍👨🏽' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍💋‍👨🏾' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍💋‍👨🏿' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍💋‍👩🏻' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍💋‍👩🏼' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍💋‍👩🏽' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍💋‍👩🏾' || evt.Parsed.CommandLine contains '👩🏻‍❤️‍💋‍👩🏿' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍💋‍👨🏻' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍💋‍👨🏼' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍💋‍👨🏽' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍💋‍👨🏾' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍💋‍👨🏿' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍💋‍👩🏻' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍💋‍👩🏼' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍💋‍👩🏽' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍💋‍👩🏾' || evt.Parsed.CommandLine contains '👩🏼‍❤️‍💋‍👩🏿' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍💋‍👨🏻' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍💋‍👨🏼' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍💋‍👨🏽' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍💋‍👨🏾' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍💋‍👨🏿' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍💋‍👩🏻' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍💋‍👩🏼' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍💋‍👩🏽' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍💋‍👩🏾' || evt.Parsed.CommandLine contains '👩🏽‍❤️‍💋‍👩🏿' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍💋‍👨🏻' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍💋‍👨🏼' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍💋‍👨🏽' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍💋‍👨🏾' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍💋‍👨🏿' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍💋‍👩🏻' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍💋‍👩🏼' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍💋‍👩🏽' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍💋‍👩🏾' || evt.Parsed.CommandLine contains '👩🏾‍❤️‍💋‍👩🏿' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍💋‍👨🏻' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍💋‍👨🏼' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍💋‍👨🏽' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍💋‍👨🏾' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍💋‍👨🏿' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍💋‍👩🏻' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍💋‍👩🏼' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍💋‍👩🏽' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍💋‍👩🏾' || evt.Parsed.CommandLine contains '👩🏿‍❤️‍💋‍👩🏿' || evt.Parsed.CommandLine contains '🧑🏻‍❤️‍💋‍🧑🏼' || evt.Parsed.CommandLine contains '🧑🏻‍❤️‍💋‍🧑🏽' || evt.Parsed.CommandLine contains '🧑🏻‍❤️‍💋‍🧑🏾' || evt.Parsed.CommandLine contains '🧑🏻‍❤️‍💋‍🧑🏿' || evt.Parsed.CommandLine contains '🧑🏼‍❤️‍💋‍🧑🏻' || evt.Parsed.CommandLine contains '🧑🏼‍❤️‍💋‍🧑🏽' || evt.Parsed.CommandLine contains '🧑🏼‍❤️‍💋‍🧑🏾' || evt.Parsed.CommandLine contains '🧑🏼‍❤️‍💋‍🧑🏿' || evt.Parsed.CommandLine contains '🧑🏽‍❤️‍💋‍🧑🏻' || evt.Parsed.CommandLine contains '🧑🏽‍❤️‍💋‍🧑🏼' || evt.Parsed.CommandLine contains '🧑🏽‍❤️‍💋‍🧑🏾' || evt.Parsed.CommandLine contains '🧑🏽‍❤️‍💋‍🧑🏿' || evt.Parsed.CommandLine contains '🧑🏾‍❤️‍💋‍🧑🏻' || evt.Parsed.CommandLine contains '🧑🏾‍❤️‍💋‍🧑🏼' || evt.Parsed.CommandLine contains '🧑🏾‍❤️‍💋‍🧑🏽' || evt.Parsed.CommandLine contains '🧑🏾‍❤️‍💋‍🧑🏿' || evt.Parsed.CommandLine contains '🧑🏿‍❤️‍💋‍🧑🏻' || evt.Parsed.CommandLine contains '🧑🏿‍❤️‍💋‍🧑🏼' || evt.Parsed.CommandLine contains '🧑🏿‍❤️‍💋‍🧑🏽' || evt.Parsed.CommandLine contains '🧑🏿‍❤️‍💋‍🧑🏾')

7blackhole: 2m

8#status: test

9labels:

10 service: windows

11 confidence: 1

12 spoofable: 0

13 classification:

15 label: "Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 4"

16 behavior : "windows:audit"

17 remediation: false

19scope:

20 type: ParentProcessId

21 expression: evt.Parsed.ParentProcessId

Hub configuration

« proc_creation_win_susp_emoji_usage_in_cli_4 »v0.2 by sigmahqAttack scenarioservice:windowsspoofable:0confidence:1

« proc_creation_win_susp_emoji_usage_in_cli_4 »
v0.2 by sigmahq
Attack scenarioservice:windowsspoofable:0confidence:1