From 80098113d06750ddb9ab275d7df1049f88d4ea7c Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Wed, 31 Aug 2022 09:53:07 +0200
Subject: [PATCH] Update image_load_susp_cmstp.yml
---
 rules/windows/image_load/image_load_susp_cmstp.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/rules/windows/image_load/image_load_susp_cmstp.yml b/rules/windows/image_load/image_load_susp_cmstp.yml
index 472bed24a..6c5dea61b 100644
--- a/rules/windows/image_load/image_load_susp_cmstp.yml
+++ b/rules/windows/image_load/image_load_susp_cmstp.yml
@@ -20,8 +20,7 @@ detection:
 ImageLoaded|endswith:
 - '.dll'
 - '.ocx'
- Image|endswith:
- - '\cmstp.exe'
+ Image|endswith: '\cmstp.exe'
 condition: selection
 falsepositives:
 - Unikely
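Review bot: The `falsepositives` entry in the trailing context of this hunk reads `- Unikely`, a typo the commit leaves in place while touching the rule; it should be `- Unlikely`. Separately, the collapsed `Image|endswith: '\cmstp.exe'` is equivalent to the old single-item list, but it still keys only on the process file name, so a cmstp.exe binary running under a different name would presumably not match this selection. The rest of the `selection` block starts above the hunk, so any complementary condition is not visible here; if there is none, a short comment in the rule documenting that limitation would help analysts triaging gaps.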