From fda9c753e2dcbefeebfdb1505428feeeb2d5fef1 Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Fri, 17 Jun 2022 18:46:14 +0200
Subject: [PATCH] Update image_load_msdt_sdiageng.yml
---
 rules/windows/image_load/image_load_msdt_sdiageng.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/image_load/image_load_msdt_sdiageng.yml b/rules/windows/image_load/image_load_msdt_sdiageng.yml
index 157966584..1db0d173d 100644
--- a/rules/windows/image_load/image_load_msdt_sdiageng.yml
+++ b/rules/windows/image_load/image_load_msdt_sdiageng.yml
@@ -13,7 +13,7 @@ detection:
 selection_img:
 Image|endswith: '\msdt.exe'
 selection_load:
- ImageLoaded|endswith: 'sdiageng.dll'
+ ImageLoaded|endswith: '\sdiageng.dll'
 condition: all of selection*
 falsepositives:
 - Unknown
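Review bot: The tightened value `'\sdiageng.dll'` on the `ImageLoaded|endswith` line only matches when the field holds a path, so the rule now depends on the telemetry source recording the full module path; a source or field mapping that stores a bare file name there would stop matching without any error. Sysmon image-load events do carry the full path, so this is probably fine, but the `logsource` block lies outside the hunk and cannot be confirmed from here. I would state the assumption next to the value, e.g. `# needs a full path in ImageLoaded; the leading backslash keeps names that merely end in sdiageng.dll from matching`. The diffstat shows a single changed line, so if the rule carries a `modified` date it was not bumped with this logic change.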