From 29acd829681ea05a522fe1434baaae2065abe665 Mon Sep 17 00:00:00 2001
From: Filipe Spencer Lopes <filipe.spencerlopes@be.ibm.com>
Date: Tue, 9 Mar 2021 15:04:09 +0100
Subject: [PATCH] putting quotes around strings with special chars

---
 yml/LOLUtilz/OtherBinaries/RunCmd_X64.yml | 4 ++--
 yml/LOLUtilz/OtherBinaries/aswrundll.yml  | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/yml/LOLUtilz/OtherBinaries/RunCmd_X64.yml b/yml/LOLUtilz/OtherBinaries/RunCmd_X64.yml
index e458cec..c0ba77e 100644
--- a/yml/LOLUtilz/OtherBinaries/RunCmd_X64.yml
+++ b/yml/LOLUtilz/OtherBinaries/RunCmd_X64.yml
@@ -21,7 +21,7 @@ Detection:
 Resources:
  - Link: https://bartblaze.blogspot.com/2019/03/run-applications-and-scripts-using.html
  - Link: https://twitter.com/bartblaze/status/1107390776147881984
- Acknowledgement:
+Acknowledgement:
   - Person: Bart
-    Handle: @bartblaze
+    Handle: '@bartblaze'
 ---
diff --git a/yml/LOLUtilz/OtherBinaries/aswrundll.yml b/yml/LOLUtilz/OtherBinaries/aswrundll.yml
index 72414cc..6c130b8 100644
--- a/yml/LOLUtilz/OtherBinaries/aswrundll.yml
+++ b/yml/LOLUtilz/OtherBinaries/aswrundll.yml
@@ -3,18 +3,18 @@ Description: This process is used by AVAST antivirus to run and execute any modu
 Author: Eli Salem
 Created: 19\03\2019
 Commands:
-  - Command: "C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll" 
+  - Command: '"C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll"'
     Description: Load and execute modules using aswrundll
     Usecase: Execute malicious modules using aswrundll.exe
     Category: Execute
     Privileges: Any
     OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
 Full_Path:
-- Path: C:\Program Files\Avast Software\Avast\aswrundll
+- Path: 'C:\Program Files\Avast Software\Avast\aswrundll'
 Code_Sample: 
-- Code: ["C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll" "C:\Users\module.dll"]
+- Code: '["C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll" "C:\Users\module.dll"]'
 Resources:
  - Link: https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil-full-research
- Acknowledgement:
+Acknowledgement:
   - Person: Eli Salem 
     handle: https://www.linkedin.com/in/eli-salem-954728150