wikijm
diff --git a/‎results/LOLRMM-WikiJM-global/247ithelp.com__connectwise__network_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎results/LOLRMM-WikiJM-global/247ithelp.com__connectwise__network_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎results/LOLRMM-WikiJM-global/247ithelp.com__connectwise__processes_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎results/LOLRMM-WikiJM-global/247ithelp.com__connectwise__processes_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎results/LOLRMM-WikiJM-global/absolute__computrace__network_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎results/LOLRMM-WikiJM-global/absolute__computrace__network_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎results/LOLRMM-WikiJM-global/absolute__computrace__processes_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎results/LOLRMM-WikiJM-global/absolute__computrace__processes_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎results/LOLRMM-WikiJM-global/access_remote_pc_processes_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎results/LOLRMM-WikiJM-global/access_remote_pc_processes_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎results/LOLRMM-WikiJM-global/acronis_cyber_protect__remotix__network_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎results/LOLRMM-WikiJM-global/acronis_cyber_protect__remotix__network_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎results/LOLRMM-WikiJM-global/acronis_cyber_protect__remotix__processes_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎results/LOLRMM-WikiJM-global/acronis_cyber_protect__remotix__processes_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎results/LOLRMM-WikiJM-global/action1_files_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎results/LOLRMM-WikiJM-global/action1_files_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎results/LOLRMM-WikiJM-global/action1_network_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎results/LOLRMM-WikiJM-global/action1_network_sigma.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎results/LOLRMM-WikiJM-global/action1_registry_sigma.md‎
Lines changed: 1 addition & 1 deletion b/‎results/LOLRMM-WikiJM-global/action1_registry_sigma.md‎
Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 25-01-2026 01:58:47):
+// Translated content (automatically translated on 26-01-2026 01:58:14):
 (event.category in ("dns","url","ip")) and (endpoint.os="windows" and (url.address contains ".247ithelp.com" or event.dns.request contains ".247ithelp.com"))
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 25-01-2026 01:58:47):
+// Translated content (automatically translated on 26-01-2026 01:58:14):
 event.type="Process Creation" and (endpoint.os="windows" and src.process.image.path contains "Remote Workforce Client.exe")
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 25-01-2026 01:58:47):
+// Translated content (automatically translated on 26-01-2026 01:58:14):
 (event.category in ("dns","url","ip")) and (endpoint.os="windows" and ((url.address contains "search.namequery.com" or url.address contains "server.absolute.com") or (event.dns.request contains "search.namequery.com" or event.dns.request contains "server.absolute.com")))
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 25-01-2026 01:58:47):
+// Translated content (automatically translated on 26-01-2026 01:58:14):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "rpcnet.exe" or src.process.image.path contains "ctes.exe" or src.process.image.path contains "ctespersitence.exe" or src.process.image.path contains "cteshostsvc.exe" or src.process.image.path contains "rpcld.exe"))
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 25-01-2026 01:58:47):
+// Translated content (automatically translated on 26-01-2026 01:58:14):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path contains "rpcgrab.exe" or src.process.image.path contains "rpcsetup.exe"))
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 25-01-2026 01:58:47):
+// Translated content (automatically translated on 26-01-2026 01:58:14):
 (event.category in ("dns","url","ip")) and (endpoint.os="windows" and ((url.address contains "cloud.acronis.com" or url.address="*agents*-cloud.acronis.com" or url.address contains "gw.remotix.com" or url.address contains "connect.acronis.com") or (event.dns.request contains "cloud.acronis.com" or event.dns.request="*agents*-cloud.acronis.com" or event.dns.request contains "gw.remotix.com" or event.dns.request contains "connect.acronis.com")))
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 25-01-2026 01:58:47):
+// Translated content (automatically translated on 26-01-2026 01:58:14):
 event.type="Process Creation" and (endpoint.os="windows" and (src.process.image.path="*AcronisCyberProtectConnectQuickAssist*.exe" or src.process.image.path contains "AcronisCyberProtectConnectAgent.exe"))
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 25-01-2026 01:58:47):
+// Translated content (automatically translated on 26-01-2026 01:58:14):
 event.category="file" and (endpoint.os="windows" and (tgt.file.path contains "C:\\Windows\\Action1\\action1_agent.exe" or tgt.file.path contains "C:\\Windows\\Action1\*" or tgt.file.path contains "C:\\Windows\\Action1\\scripts\*" or tgt.file.path contains "C:\\Windows\\Action1\\rule_data\*" or tgt.file.path="*C:\\Windows\\Action1\\action1_log_*.log"))
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 25-01-2026 01:58:47):
+// Translated content (automatically translated on 26-01-2026 01:58:14):
 (event.category in ("dns","url","ip")) and (endpoint.os="windows" and ((url.address contains ".action1.com" or url.address contains "a1-backend-packages.s3.amazonaws.com") or (event.dns.request contains ".action1.com" or event.dns.request contains "a1-backend-packages.s3.amazonaws.com")))
 ```
 
 
@@ -1,5 +1,5 @@
 ```sql
-// Translated content (automatically translated on 25-01-2026 01:58:47):
+// Translated content (automatically translated on 26-01-2026 01:58:14):
 event.category="registry" and (endpoint.os="windows" and (registry.keyPath contains "HKLM\\System\\CurrentControlSet\\Services\\A1Agent" or registry.keyPath contains "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\Windows Error Reporting\\LocalDumps\\action1_agent.exe" or registry.keyPath contains "HKLM\\SOFTWARE\\WOW6432Node\\Action1"))
 ```