From 500fcfbcbee3dfff53ddf4f147bd517dcb1c8866 Mon Sep 17 00:00:00 2001
From: stvetro <57000749+stvetro@users.noreply.github.com>
Date: Fri, 9 Oct 2020 15:42:05 +0400
Subject: [PATCH] Generated guid
---
 rules/windows/process_creation/win_susp_runscripthelper.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/process_creation/win_susp_runscripthelper.yml b/rules/windows/process_creation/win_susp_runscripthelper.yml
index 68342e319..385091150 100644
--- a/rules/windows/process_creation/win_susp_runscripthelper.yml
+++ b/rules/windows/process_creation/win_susp_runscripthelper.yml
@@ -1,5 +1,5 @@
 title: Suspicious use of Runscripthelper.exe
-id: 06b401f4-107c-4ff9-947f-9ec1e7649f1e
+id: eca49c87-8a75-4f13-9c73-a5a29e845f03
 status: experimental
 description: Detects execution of powershell scripts via Runscripthelper.exe
 references:
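Review bot: The new `id:` line replaces an existing rule identifier without recording the old one, so anything keyed on the previous value (SIEM exclusions, tuning lists, `related` links from other rules) would silently lose its association with this detection. The commit title "Generated guid" suggests the old value was a placeholder or a collision with another rule, but it does not say so; stating the reason in the commit message would help consumers decide whether to migrate their references. If the old identifier was ever published, the Sigma `related` field can carry it, e.g. `related:` / `  - id: 06b401f4-107c-4ff9-947f-9ec1e7649f1e` / `    type: renamed`. The rest of the rule lies outside this hunk, so it is worth checking that it does not already do this.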