From 4803ba6ff46767f64ffe72adf05e61049822715f Mon Sep 17 00:00:00 2001 From: Ming Di Leom <2809763-curben@users.noreply.gitlab.com> Date: Sun, 6 Apr 2025 12:06:57 +0000 Subject: [PATCH] page(threat-hunting): update InnoDownloadPlugin description --- source/threat-hunting/index.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/source/threat-hunting/index.md b/source/threat-hunting/index.md index 46bf131..9d9ee50 100644 --- a/source/threat-hunting/index.md +++ b/source/threat-hunting/index.md @@ -2,7 +2,7 @@ title: Splunk Threat Hunting layout: page date: 2025-01-15 -updated: 2025-04-01 +updated: 2025-04-06 --- Some searches utilise [cmdb_ci_list_lookup](https://gitlab.com/curben/splunk-scripts/-/tree/main/Splunk_TA_snow) lookup. @@ -742,7 +742,8 @@ SPL: ## InnoDownloadPlugin user-agent observed -References: [1](https://thedfirreport.com/2025/03/31/fake-zoom-ends-in-blacksuit-ransomware/#execution) +Description: Inno Setup, a free installer for Windows programs. Inno Download Plugin is a component of Inno Setup. +References: [1](https://thedfirreport.com/2025/03/31/fake-zoom-ends-in-blacksuit-ransomware/#execution), [2](https://jrsoftware.org/isinfo.php) SPL: ```spl
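Review bot: The added Description line in the second hunk (under "## InnoDownloadPlugin user-agent observed") says what Inno Setup is but not why this user-agent is worth hunting. It presents Inno Setup as an ordinary free installer, so the only hint of relevance is the link in reference 1. Consider adding a sentence on what makes a hit worth investigating and what benign matches an analyst should expect, so the entry can be triaged without leaving the page. The first sentence is also a fragment with no verb; something like "Inno Setup is a free installer for Windows programs, and Inno Download Plugin is a component of it." reads more cleanly. Minor: the subject says "update InnoDownloadPlugin description", but the hunk adds a Description line where none existed, so "add" would match the change better.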