fix: "whne" to "when"

Windows Registry/Highly Targeted Registry Keys.csv

@@ -1,7 +1,7 @@
 Registry (Sub)Key Name,Importance Description,MITRE,Registry Operation,Recommended SACL,Referneces 
 HKEY_CURRENT_USER\Environment\UserInitMprLogonScript,User logon scripts are used to establish persistence as they execute at logon initialization ,T1037.001,RegSetValue*,No,"Boot or Logon Initialization Scripts: Logon Script (Windows), Sub-technique T1037.001 - Enterprise | MITRE ATT&CK®"
-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run,"Used for persistence. HKCU - non-system user, will run whne the user logs in",T1547.001,RegSetValue*,No,https://labs.jumpsec.com/running-once-running-twice-pwned-windows-registry-run-keys/
-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce,"Used for persistence. HKCU - non-system user, will run whne the user logs in. Removed after user logs in. ",T1547.001,RegSetValue*,No,https://labs.jumpsec.com/running-once-running-twice-pwned-windows-registry-run-keys/
+HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run,"Used for persistence. HKCU - non-system user, will run when the user logs in",T1547.001,RegSetValue*,No,https://labs.jumpsec.com/running-once-running-twice-pwned-windows-registry-run-keys/
+HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce,"Used for persistence. HKCU - non-system user, will run when the user logs in. Removed after user logs in. ",T1547.001,RegSetValue*,No,https://labs.jumpsec.com/running-once-running-twice-pwned-windows-registry-run-keys/
 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run,"Used for persistence. HKLM - Admin/System user, will run everytime the machine boots",T1547.001,RegSetValue*,No,https://labs.jumpsec.com/running-once-running-twice-pwned-windows-registry-run-keys/
 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce,"Used for persistence. HKLM - Admin/System user, will run when the machine boots and willl be removed after execution",T1547.001,RegSetValue*,No,https://labs.jumpsec.com/running-once-running-twice-pwned-windows-registry-run-keys/
 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx,"Used for persistence. HKLM - Admin/System user, will run when the machine boots and willl be removed after execution",T1547.001,RegSetValue*,No,https://attack.mitre.org/techniques/T1547/001/
@@ -18,4 +18,4 @@ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_
 HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls,Persistence. DLLs that are added get loaded by user32.dll. ,T1546.010,"RegCreateKey*, RegSetValue*",No,https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process
 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost,Persistence. Malware can create a service via a dll by setting image path to svchost.exe -k <>,TA0003,"RegCreateKey, RegSetValue",No,
 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit,Reconnaissance to see what audit policies are in place. Built-in to Seatbelt. ,TA0043,RegQueryKey ,Yes,
-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonDrv\Parameters\ ,Reconnaissance. Detection where processname != sysmon service binary (Sysmon.exe/Sysmon64.exe),TA0043,RegQueryKey ,Yes,
+HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonDrv\Parameters\ ,Reconnaissance. Detection where processname != sysmon service binary (Sysmon.exe/Sysmon64.exe),TA0043,RegQueryKey ,Yes,