diff --git a/rules/windows/process_creation/proc_creation_win_gmer_execution.yml b/rules/windows/process_creation/proc_creation_win_gmer_execution.yml
index eae83da1a..74374c55a 100644
--- a/rules/windows/process_creation/proc_creation_win_gmer_execution.yml
+++ b/rules/windows/process_creation/proc_creation_win_gmer_execution.yml
@@ -16,9 +16,9 @@ detection:
         Image|endswith: '\gmer.exe'
     selection_sysmon_hash:
         Hashes|contains:
-            - 'MD5=e9dc058440d321aa17d0600b3ca0ab04'
-            - 'SHA1=539c228b6b332f5aa523e5ce358c16647d8bbe57'
-            - 'SHA256=e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173'
+            - 'MD5=E9DC058440D321AA17D0600B3CA0AB04'
+            - 'SHA1=539C228B6B332F5AA523E5CE358C16647D8BBE57'
+            - 'SHA256=E8A3E804A96C716A3E9B69195DB6FFB0D33E2433AF871E4D4E1EAB3097237173'
     selection_other:
         - MD5: 'e9dc058440d321aa17d0600b3ca0ab04'
         - SHA1: '539c228b6b332f5aa523e5ce358c16647d8bbe57'