diff --git a/rules/windows/sysmon/sysmon_stickykey_like_backdoor.yml b/rules/windows/sysmon/sysmon_stickykey_like_backdoor.yml
index 2fa240596..0bff21843 100644
--- a/rules/windows/sysmon/sysmon_stickykey_like_backdoor.yml
+++ b/rules/windows/sysmon/sysmon_stickykey_like_backdoor.yml
@@ -39,9 +39,9 @@ detection:
 ParentImage:
 - '*\winlogon.exe'
 CommandLine:
- - '*\cmd.exe sethc.exe *'
- - '*\cmd.exe utilman.exe *'
- - '*\cmd.exe osk.exe *'
- - '*\cmd.exe Magnify.exe *'
- - '*\cmd.exe Narrator.exe *'
- - '*\cmd.exe DisplaySwitch.exe *'
+ - '*cmd.exe sethc.exe *'
+ - '*cmd.exe utilman.exe *'
+ - '*cmd.exe osk.exe *'
+ - '*cmd.exe Magnify.exe *'
+ - '*cmd.exe Narrator.exe *'
+ - '*cmd.exe DisplaySwitch.exe *'
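Review bot: The six relaxed `CommandLine` patterns still require `cmd.exe` to be followed by exactly one space and then the accessibility binary name, so a logged command line with a quoted interpreter path (`"...\cmd.exe" sethc.exe ...`) would match none of them. Allowing for characters after the interpreter name, e.g. `- '*cmd.exe* sethc.exe *'` for each entry, would close that gap. The trailing ` *` also requires something after the binary name, which is presumably intentional but worth confirming against real Sysmon events. Since the reason for dropping the leading `\` is not visible in the file, a comment above the list would help, such as `# no leading '\' so a bare 'cmd.exe' without a path also matches`. The selection that holds `ParentImage` and `CommandLine` starts outside the hunk, so whether the two conditions are combined cannot be confirmed from here.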