From 8810e30f0ab63a126f2ac9ef129c31eee763f1a3 Mon Sep 17 00:00:00 2001
From: Ryan Stamp <32468510+mhogar@users.noreply.github.com>
Date: Fri, 2 Sep 2022 13:44:23 -0400
Subject: [PATCH] Fix incorrect decodehex command syntax (#230)
---
 yml/OSBinaries/Certutil.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/yml/OSBinaries/Certutil.yml b/yml/OSBinaries/Certutil.yml
index f31d2f7..be67802 100644
--- a/yml/OSBinaries/Certutil.yml
+++ b/yml/OSBinaries/Certutil.yml
@@ -39,7 +39,7 @@ Commands:
 Privileges: User
 MitreID: T1140
 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
- - Command: certutil --decodehex encoded_hexadecimal_InputFileName
+ - Command: certutil -decodehex encoded_hexadecimal_InputFileName decodedOutputFileName
 Description: Command to decode a hexadecimal-encoded file decodedOutputFileName
 Usecase: Decode files to evade defensive measures
 Category: Decode
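Review bot: The `Description` context line directly after the changed `Command` still ends with a stray `decodedOutputFileName`, which looks like the output argument that originally landed on the wrong line; the commit adds it to the command but leaves the leftover in the description. It would read correctly as `Description: Command to decode a hexadecimal-encoded file`. For defenders keying detections on this entry, certutil accepts its verbs with either prefix, so command-line rules should match both `-decodehex` and `/decodehex` rather than the exact string shown here. The entry's Detection section lies outside this hunk, so whether it already covers both forms cannot be confirmed from what is visible.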