From ccaffc79f7c5be8aec26bce30310d3ec82cc751c Mon Sep 17 00:00:00 2001
From: frack113 <magicfrancois@gmail.com>
Date: Fri, 30 Jul 2021 08:40:21 +0200
Subject: [PATCH] update ref win_susp_psr_capture_screenshots.yml

---
 .../process_creation/win_susp_psr_capture_screenshots.yml        | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rules/windows/process_creation/win_susp_psr_capture_screenshots.yml b/rules/windows/process_creation/win_susp_psr_capture_screenshots.yml
index cae1a0a4f..aa550b3e2 100644
--- a/rules/windows/process_creation/win_susp_psr_capture_screenshots.yml
+++ b/rules/windows/process_creation/win_susp_psr_capture_screenshots.yml
@@ -5,6 +5,7 @@ description: The psr.exe captures desktop screenshots and saves them on the loca
 references:
     - https://github.com/LOLBAS-Project/LOLBAS/blob/master/yml/LOLUtilz/OSBinaries/Psr.yml
     - https://www.sans.org/summit-archives/file/summit-archive-1493861893.pdf
+    - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md
 author: Beyu Denis, oscd.community
 date: 2019/10/12
 modified: 2020/08/28