diff --git a/rules/windows/process_creation/win_apt_ke3chang_regadd.yml b/rules/windows/process_creation/win_apt_ke3chang_regadd.yml
index e7bd1d984..f6b098211 100644
--- a/rules/windows/process_creation/win_apt_ke3chang_regadd.yml
+++ b/rules/windows/process_creation/win_apt_ke3chang_regadd.yml
@@ -21,7 +21,7 @@ detection:
 # HKCU\Software\Microsoft\Internet Explorer\Main\Check_Associations
 # HKCU\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize
 # HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IEharden
- CommandLine|contains:
+ CommandLine|contains:
 - '-Property DWORD -name DisableFirstRunCustomize -value 2 -Force'
 - '-Property String -name Check_Associations -value'
 - '-Property DWORD -name IEHarden -value 0 -Force'