From d6579a02a69e4457343fb95cd706ea5e47dbb32c Mon Sep 17 00:00:00 2001 From: root Date: Sun, 12 Jan 2025 02:45:15 +0300 Subject: [PATCH] printui.exe lolbas Requestt --- yml/OSBinaries/printui.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/yml/OSBinaries/printui.yml b/yml/OSBinaries/printui.yml index 1694a18..3c0d62a 100644 --- a/yml/OSBinaries/printui.yml +++ b/yml/OSBinaries/printui.yml @@ -4,7 +4,7 @@ Description: Malicious dll file load to memory via printui.exe Author: 'Yasin Gökhan TAŞKIN' Created: 2025-01-12 Commands: - - Command: start "%SystemDrive%"\Windows\System32\printui.exe + - Command: start "%SystemDrive%"\Windows\System32\printui.exe Description: Detects potential DLL sideloading of "printui.dll". While using legit "printui.exe" it can be abused to attach to an arbitrary process and force load DLL named "printui.dll" from the current directory of execution. Usecase: Execute dll file Category: Execute @@ -17,7 +17,7 @@ Full_Path: - Path: C:\Windows\System32\printui.exe Detection: - Sigma: https:https://github.com/SigmaHQ/sigma/blob/master/rules/windows/image_load/image_load_side_load_from_non_system_location.yml - - IOC: Load malicious DLL image + - IOC: Load malicious DLL image Resources: - Link: https:https://www.linkedin.com/pulse/uncovered-lolbas-yasin-g%C3%B6khan-ta%C5%9Fkin-gnpwf/?trackingId=WvE5YmopTtyh%2FuvEPcpyZQ%3D%3D Acknowledgement:
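Review bot: in the first hunk (`@@ -4,7 +4,7 @@`) the removed and added `- Command:` lines are visibly identical (`start "%SystemDrive%"\Windows\System32\printui.exe`), so the change appears to be whitespace only; if trailing whitespace is all that is being fixed, the commit message should say so, otherwise the intended edit is missing from the diff. The `Description:` under `Commands:` also reads like a detection rule ("Detects potential DLL sideloading of \"printui.dll\"") rather than a description of what the command does; the Usecase/Description pair in a LOLBAS entry normally states the behaviour, here that launching printui.exe loads a file named printui.dll from the current working directory, while the detection guidance belongs under `Detection:`. Finally, only `%SystemDrive%` is quoted rather than the whole path, which does not match the `Full_Path` entry `C:\Windows\System32\printui.exe`; since cmd.exe's `start` treats a leading quoted argument as the window title, the exact quoting should be verified on a real host or the full path quoted consistently.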
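Review bot: in the second hunk (`@@ -17,7 +17,7 @@`) the `Sigma:` context line carries a doubled scheme (`https:https://github.com/SigmaHQ/sigma/...`) and the `Link:` under `Resources:` has the same `https:https://` prefix; neither resolves as written, so the stray `https:` should be dropped from both while this file is being touched. The `- IOC:` line is again replaced with visibly identical text (`Load malicious DLL image`), which looks like another whitespace-only change; the IOC would be more useful to a detection engineer if it named the observable, for example `printui.dll` being loaded by `printui.exe` from a location outside `C:\Windows\System32`, which is the condition the referenced Sigma rule (`image_load_side_load_from_non_system_location`) keys on.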