From e98fca7964ea85718f3c3d91c688667add2075d1 Mon Sep 17 00:00:00 2001 From: "@" <@> Date: Fri, 18 Sep 2020 16:03:35 -0500 Subject: [PATCH] update formatting --- Persistence.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Persistence.md b/Persistence.md index 33ea4a5..532303f 100644 --- a/Persistence.md +++ b/Persistence.md @@ -190,7 +190,7 @@ Our goal with this query is to detect any schtasks /create command as well as an (( TgtProcName = "schtasks.exe" AND TgtProcCmdLine ContainsCIS "/create" ) OR ( SrcProcCmdLine ContainsCIS "New-ScheduledTask" OR SrcProcCmdScript ContainsCIS "New-ScheduledTask" )) AND SrcProcParentName Not In ("services.exe","OfficeClickToRun.exe") ``` -** Optionally, leveraging the ScheduleTaskRegister Indicator object: ** +**Optionally, leveraging the ScheduleTaskRegister Indicator object:** ``` IndicatorName = "ScheduleTaskRegister" AND SrcProcParentName Not In ("Integrator.exe","OfficeClickToRun.exe","services.exe","OneDriveSetup.exe","Ccm32BitLauncher.exe","WmiPrvSE.exe")
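Review bot: In the context lines around the changed heading, the two queries carry different parent-process exclusions: the first uses `SrcProcParentName Not In ("services.exe","OfficeClickToRun.exe")`, while the ScheduleTaskRegister variant also excludes Integrator.exe, OneDriveSetup.exe, Ccm32BitLauncher.exe and WmiPrvSE.exe. Since this commit touches the line that presents the second query as an optional alternative to the first, add a sentence under the heading saying whether the longer list is deliberate (for example, because the Indicator object is noisier) or align the two lists, so a reader choosing between them knows the coverage is not identical. Both exclusions also match on the parent process name alone, which is worth stating in the text as a tuning caveat. The formatting change itself is fine: removing the spaces inside the `**` delimiters is what makes the bold render. The subject "update formatting" could name the file or heading it touches.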