diff --git a/rules/windows/process_creation/win_pc_lolbas_diantz_ads.yml b/rules/windows/process_creation/win_pc_lolbas_diantz_ads.yml
index 9fccf9acb..bcd13051a 100644
--- a/rules/windows/process_creation/win_pc_lolbas_diantz_ads.yml
+++ b/rules/windows/process_creation/win_pc_lolbas_diantz_ads.yml
@@ -17,7 +17,7 @@ detection:
 CommandLine|contains|all:
 - diantz.exe
 - .cab
- CommandLine|re: ":[^\\]"
+ CommandLine|re: ':[^\\]'
 condition: lolbas
 falsepositives:
 - Very Possible
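Review bot: The corrected pattern on the `CommandLine|re` line still matches any colon that is not followed by a backslash, so a drive path written with forward slashes (`C:/out/a.cab`) fires the rule even though no alternate data stream is involved. Stream names cannot contain `/` or `\`, so `CommandLine|re: ':[^\\/]'` would drop that case without losing stream matches; this is inferred from the regex alone and should be checked against real diantz telemetry before merging. Because the quoting is what makes the pattern valid, a comment above the line such as `# single quotes on purpose: in a double-quoted scalar \\ collapses to \ and the character class is left unterminated` would keep the fix from being reverted by a later style pass. The `detection` block starts above the hunk, so the selection name and any other fields in it are not visible here.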