From 07008120d7ab6106b1afebba0fa1dc80de7bd64a Mon Sep 17 00:00:00 2001
From: EzLucky
Date: Wed, 22 Nov 2023 15:11:39 +0100
Subject: [PATCH] Update image_load_dll_rstrtmgr_susp_load.yml
---
 rules/windows/image_load/image_load_dll_rstrtmgr_susp_load.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/image_load/image_load_dll_rstrtmgr_susp_load.yml b/rules/windows/image_load/image_load_dll_rstrtmgr_susp_load.yml
index 9fd41a287ec..7e3d1beae24 100644
--- a/rules/windows/image_load/image_load_dll_rstrtmgr_susp_load.yml
+++ b/rules/windows/image_load/image_load_dll_rstrtmgr_susp_load.yml
@@ -22,7 +22,7 @@ logsource:
 product: windows
 detection:
 selection:
- ImageLoaded|endswith:
+ - ImageLoaded|endswith:
 - '\RstrtMgr.dll'
 - OriginalFileName:
 - 'RstrtMgr.dll'
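Review bot: With the dash added on `ImageLoaded|endswith`, `selection` becomes a list of two maps, which Sigma evaluates as OR, and neither the hunk nor the commit subject says this is the intended logic. A one-line comment above the list would make it explicit, for example `# list = OR: match on the load path or on the PE OriginalFileName`. The second entry presumably exists to catch a copy of the DLL loaded under a different file name; if so, the comment should say that too, because OriginalFileName may not be populated by every image-load source and the path suffix is then the only effective match. The `detection` block continues past the hunk, so the filters and the `condition` line cannot be checked against this change from here.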