Event JSON
{
"id": "44e64f237248fc57af7392ead5877262766eaa9a7100c9d0e0d0b807984631bd",
"pubkey": "6c5fbbb2ed7c3a8df0f17376ad38167bef90ad337d0cc46d26f0ca68620b9a71",
"created_at": 1721401968,
"kind": 1,
"tags": [
[
"e",
"c11e6270f33a491371323e34ca146b2216ac289b1a385b06e1c5e999795ef08d",
"",
"root"
],
[
"e",
"69264f6c53a946c6c953ef990c33ab46b465b81bdc23d5243f5ac4a20ab52954"
],
[
"e",
"f3b488958c9ba8dced94ba0ebc29fc48729bdbdc1fb602e165b70e442ea507f6",
"",
"reply"
],
[
"p",
"3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24"
],
[
"p",
"7ca66d4166b16f54a16868191ba1c6386a976624f4634f3896d9b6740a388ca3"
],
[
"p",
"3c07d68edf71f6d22374dffae054e6801468594e7b0d0625fb5bcd24b202264d"
],
[
"p",
"32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"
],
[
"p",
"1f830dd875130b134fbf3f27a69eecd8613a499748a71b5a271a719febae14ed"
]
],
"content": "It is installed as a kernel mode driver which is even higher privileges than a user mode admin. It isn't quite standard for EDR agents as there are a lot of solutions whose agents only use usermode hooking for their detections.",
"sig": "1b3affd0b9261c3ce1e6f5b6cb202438ca93291b9547a3eb629e7f2fdcd05fe45efeb216216c4d8b8eb9afa9e874df9e2a4a2659ea14048998f19998a54044f4"
}