From a57c96bbf8d9e17602087891c7018872c2e06979 Mon Sep 17 00:00:00 2001
From: ciwen3 <55612276+ciwen3@users.noreply.github.com>
Date: Tue, 3 Oct 2023 15:27:38 -0700
Subject: [PATCH] Update Teams.yml

changed path from c:\Users\username\AppData\Local\Microsoft\Teams\current\Teams.exe to %localappdata%\Microsoft\Teams\current\Teams.exe
  to standardize the format and match the more common usage in the file paths.
---
 yml/OSBinaries/Teams.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/yml/OSBinaries/Teams.yml b/yml/OSBinaries/Teams.yml
index ba85b65..2b351c5 100644
--- a/yml/OSBinaries/Teams.yml
+++ b/yml/OSBinaries/Teams.yml
@@ -12,7 +12,7 @@ Commands:
     MitreID: T1218
     OperatingSystem: Windows 10, Windows 11
 Full_Path:
-  - Path: c:\Users\username\AppData\Local\Microsoft\Teams\current\Teams.exe
+  - Path: %localappdata%\Microsoft\Teams\current\Teams.exe
 Detection:
   - Sigma: https://github.com/SigmaHQ/sigma/blob/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/process_creation/proc_creation_win_susp_electron_exeuction_proxy.yml
 Resources: