Merge pull request #1596 from d4rk-d4nph3/master

Added new observed path for Image Load in PrintNightmare

rules/windows/image_load/sysmon_cve_2021_1675_print_nightmare.yml

@@ -6,6 +6,7 @@ references:
     - https://github.com/hhlxf/PrintNightmare
 author: FPT.EagleEye
 date: 2021/06/29
+modified: 2021/07/01
 tags:
     - attack.persistence
     - attack.defense_evasion
@@ -20,7 +21,8 @@ detection:
         Image|endswith:
             - 'spoolsv.exe'
         ImageLoaded:
-            - 'Windows\System32\spool\drivers\x64\3\old\*.dll'
+            - 'C:\Windows\System32\spool\drivers\x64\3\old\*.dll'
+            - 'C:\Windows\System32\spool\drivers\x64\3\*.dll'
     condition: selection
 falsepositives:
     - Possible. Requires further testing.