From d0d99829a24464a162f14bcb9a3badfac4a2d377 Mon Sep 17 00:00:00 2001
From: Eric <26614684+MakoWish@users.noreply.github.com>
Date: Wed, 26 Jul 2023 05:10:03 -0600
Subject: [PATCH] Correct misspelling of AppDara to AppData (#2952)

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
---
 rules/windows/defense_evasion_wsl_kalilinux.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/windows/defense_evasion_wsl_kalilinux.toml b/rules/windows/defense_evasion_wsl_kalilinux.toml
index 403f8cc90..5450c0714 100644
--- a/rules/windows/defense_evasion_wsl_kalilinux.toml
+++ b/rules/windows/defense_evasion_wsl_kalilinux.toml
@@ -2,7 +2,7 @@
 creation_date = "2023/01/12"
 integration = ["endpoint", "windows"]
 maturity = "production"
-updated_date = "2023/06/22"
+updated_date = "2023/07/20"
 min_stack_comments = "New fields added: required_fields, related_integrations, setup"
 min_stack_version = "8.3.0"

@@ -31,7 +31,7 @@ process where host.os.type == "windows" and event.type == "start" and (process.name : "wsl.exe" and process.args : ("-d", "--distribution", "-i", "--install") and process.args : "kali*") or process.executable : ("?:\\Users\\*\\AppData\\Local\\packages\\kalilinux*",
- "?:\\Users\\*\\AppDara\\Local\\Microsoft\\WindowsApps\\kali.exe",
+ "?:\\Users\\*\\AppData\\Local\\Microsoft\\WindowsApps\\kali.exe",
 "?:\\Program Files*\\WindowsApps\\KaliLinux.*\\kali.exe")
 )
 '''
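Review bot: Nothing in this commit checks that the corrected `process.executable` pattern matches a real process-start event, so the `AppDara` typo fixed in the second hunk had left the per-user `WindowsApps\\kali.exe` branch of the query unable to match without anyone noticing. Since the diffstat shows only the rule file changing, it would be worth validating each of the three path patterns against a sample endpoint event before merging. The intent of the corrected line could also be recorded in the query, e.g. `// per-user WindowsApps path, presumably the app execution alias for the Store-installed Kali distribution` above it. The EQL query starts above the hunk, so its remaining conditions are not visible here.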