diff --git a/rules/windows/process_creation/proc_creation_win_reg_nolmhash.yml b/rules/windows/process_creation/proc_creation_win_reg_nolmhash.yml
index fc9bf8c47..df5e689f8 100644
--- a/rules/windows/process_creation/proc_creation_win_reg_nolmhash.yml
+++ b/rules/windows/process_creation/proc_creation_win_reg_nolmhash.yml
@@ -13,6 +13,7 @@ references:
 - https://www.sans.org/blog/protecting-privileged-domain-accounts-lm-hashes-the-good-the-bad-and-the-ugly/
 author: Nasreddine Bencherchali (Nextron Systems)
 date: 2023/12/15
+modified: 2023/12/22
 tags:
 - attack.defense_evasion
 - attack.t1112
@@ -22,7 +23,7 @@ logsource:
 detection:
 selection:
 CommandLine|contains|all:
- - '\System\CurrentControlSet\Control\Lsa\'
+ - '\System\CurrentControlSet\Control\Lsa'
 - 'NoLMHash'
 - ' 0'
 condition: selection
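Review bot: The `' 0'` item under `selection` in the second hunk is a bare substring match, so a command that writes the hardened value in hex or zero-padded form (for example `/d 0x1`) appears to satisfy all three `contains|all` items and would alert on hardening activity. Dropping the trailing backslash from the `\Lsa` item widens matching on the path side only and leaves this value check as loose as before. Either tighten the value match or record the case in the rule, e.g. under `falsepositives:` add `- Commands that set NoLMHash to 1 using hex or zero-padded notation`. A short comment on the path item would also help the next maintainer, such as `# no trailing backslash: the key is usually passed as "...\Control\Lsa" followed by the value name`. The `falsepositives` and `level` fields lie outside the hunk, so this may already be covered there.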