From 7df7d7f48bbc601421c0dd962ff0abceb87e5b60 Mon Sep 17 00:00:00 2001
From: Jonhnathan <jonhnathancesar@gmail.com>
Date: Thu, 15 Oct 2020 19:39:11 -0300
Subject: [PATCH] Update win_susp_powershell_enc_cmd.yml

---
 rules/windows/process_creation/win_susp_powershell_enc_cmd.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml b/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml
index 9f9710909..69dfbe117 100644
--- a/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml
+++ b/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml
@@ -28,7 +28,7 @@ detection:
             - '-enc'
     selection4:
             - ' BA^J'
-            - 'SUVYI'
+            - ' SUVYI'
             - ' aWV4I'
             - ' SQBFAFgA'
             - ' aQBlAHgA'