From dd63af54843244c2343e5026d3064ce171c89631 Mon Sep 17 00:00:00 2001
From: doomedraven
Date: Sat, 5 Oct 2024 08:49:03 +0200
Subject: [PATCH] Update bypass_uac.py
---
 modules/signatures/windows/bypass_uac.py | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/modules/signatures/windows/bypass_uac.py b/modules/signatures/windows/bypass_uac.py
index 47ea1c0c..cae0c877 100644
--- a/modules/signatures/windows/bypass_uac.py
+++ b/modules/signatures/windows/bypass_uac.py
@@ -230,15 +230,9 @@ class ChecksUACStatus(Signature):
 ttps = ["T1548"] # MITRE v6,7,8
 def run(self):
- indicators = [
- ".*\\\\SOFTWARE\\\\(Wow6432Node\\\\)?Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\System\\\\EnableLUA$",
-
- ]
-
- for indicator in indicators:
- match = self.check_key(pattern=indicator, regex=True)
- if match:
- self.data.append({"regkey": match})
- return True
+ match = self.check_key(pattern=r".*\SOFTWARE\(Wow6432Node\)?Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA$", regex=True)
+ if match:
+ self.data.append({"regkey": match})
+ return True
 return False
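Review bot: The new raw-string pattern passed to `check_key` in `run` has single backslashes as shown here, which is not equivalent to the removed `\\\\`-escaped literal. The regex engine would read `\S` and `\W` as character classes and `\(`/`\)` as literal parentheses rather than an optional group, and Python's `re` rejects `\C`, `\P` and `\E` as bad escapes. Assuming `check_key` compiles the pattern with `re`, this signature would raise or never match, so reads of `EnableLUA` would go undetected. In a raw string each literal backslash must still be doubled: `pattern=r".*\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA$"`. A unit test that feeds a sample key path (both with and without `Wow6432Node`) through the pattern would catch this kind of regression.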