From e1225784f7abf7e22aa4f32ce3b950bb9d7cedf6 Mon Sep 17 00:00:00 2001
From: Florian Roth <florian.roth@nextron-systems.com>
Date: Fri, 19 Jun 2020 09:54:08 +0200
Subject: [PATCH] fix: fixed indentation

---
 rules/windows/process_creation/win_apt_ke3chang_regadd.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/process_creation/win_apt_ke3chang_regadd.yml b/rules/windows/process_creation/win_apt_ke3chang_regadd.yml
index e7bd1d984..f6b098211 100644
--- a/rules/windows/process_creation/win_apt_ke3chang_regadd.yml
+++ b/rules/windows/process_creation/win_apt_ke3chang_regadd.yml
@@ -21,7 +21,7 @@ detection:
         # HKCU\Software\Microsoft\Internet Explorer\Main\Check_Associations
         # HKCU\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize
         # HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IEharden
-         CommandLine|contains:
+        CommandLine|contains:
             - '-Property DWORD -name DisableFirstRunCustomize -value 2 -Force'
             - '-Property String -name Check_Associations -value'
             - '-Property DWORD -name IEHarden -value 0 -Force'