From 5146752dde68b8dfdefe19d778c72d8237d408ef Mon Sep 17 00:00:00 2001
From: JasonPhang98
Date: Sun, 19 Jan 2025 18:13:34 +0800
Subject: [PATCH] fix formatting

---
 yml/OSBinaries/SystemSettingsAdminFlow.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/yml/OSBinaries/SystemSettingsAdminFlow.yml b/yml/OSBinaries/SystemSettingsAdminFlow.yml
index 5de5450..3f82666 100644
--- a/yml/OSBinaries/SystemSettingsAdminFlow.yml
+++ b/yml/OSBinaries/SystemSettingsAdminFlow.yml
@@ -16,12 +16,11 @@ Commands:
     OperatingSystem: Windows 10 1803, Windows 10 1703
     Tags:
       - Execute: EXE
-      - Tamper
 Full_Path:
   - Path: C:\Windows\System32\SystemSettingsFlowAdmin.exe
   - Path: C:\Windows\Syswow64\SystemSettingsFlowAdmin.exe
 Detection:
-  - IOC: Microsoft-Windows-Windows Defender/Operational Event Log Event ID 5007 for changes.
+  - IOC: Microsoft-Windows-Windows Defender/Operational Event Log Event ID 5007 for changes
   - IOC: SystemSettingsFlowAdmin.exe spawned with parent image not SystemSettings.exe
   - Sigma: https://gist.githubusercontent.com/ald3n5/b1a3f4138b1a1624f7e183a3d0859d17/raw/29e6f67fa3920a39cb4c4bc5226f21a6057fa5ad/susp_adminflows_tampering_defender.yml
 Resources:
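Review bot: Deleting the `- Tamper` entry under Tags goes beyond the "fix formatting" the subject describes; it drops the one tag that matches what the Detection block documents (a Defender/Operational Event ID 5007 configuration-change IOC and a Sigma rule whose filename says `susp_adminflows_tampering_defender`). If the motive was that a bare scalar sitting next to the `- Execute: EXE` mapping item fails the project's schema check, the fix would be to express it in the same key/value form the schema expects, e.g. `- Tamper: <VALUE PER PROJECT SCHEMA>` (placeholder; the accepted value is not visible here), rather than removing it. If the tag was removed on purpose, the commit message should say so, since a consumer filtering LOLBAS entries by the Tamper tag will silently lose this binary. The trailing-period removal on the first IOC line is fine as is.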