From 6eaafa7b92bc35e96df8485e62cd143a3d5fd38b Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Sun, 3 Jul 2022 20:16:43 +0100
Subject: [PATCH] Update proc_creation_win_uac_bypass_idiagnostic_profile.yml
---
 .../proc_creation_win_uac_bypass_idiagnostic_profile.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/process_creation/proc_creation_win_uac_bypass_idiagnostic_profile.yml b/rules/windows/process_creation/proc_creation_win_uac_bypass_idiagnostic_profile.yml
index b3f145f94..c44047824 100644
--- a/rules/windows/process_creation/proc_creation_win_uac_bypass_idiagnostic_profile.yml
+++ b/rules/windows/process_creation/proc_creation_win_uac_bypass_idiagnostic_profile.yml
@@ -12,7 +12,7 @@ logsource:
 detection:
 selection:
 ParentImage|endswith: '\DllHost.exe'
- ParentCommandLine|contains: ' /Processid:{2C21EA7-2EB8-4B55-9249-AC243DA8C666}'
+ ParentCommandLine|contains: ' /Processid:{12C21EA7-2EB8-4B55-9249-AC243DA8C666}'
 IntegrityLevel:
 - 'High'
 - 'System'
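Review bot: The corrected CLSID on the `ParentCommandLine|contains` line has no comment saying which COM object it identifies, so a reader cannot check the value without leaving the file. The previous value had only seven hex digits in its first group and would not have matched a well-formed `/Processid:{...}` argument, which means the selection was silently dead until this fix. I would add a comment above the line such as `# CLSID of the elevated IDiagnosticProfile COM server hosted by DllHost.exe - confirm against the rule's references`. Because the detection logic changes, the rule's `modified` date presumably needs updating as well; the diffstat shows only this one line touched. The rule header and the rest of the `detection` block lie outside the hunk.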