diff --git a/queries/windows/os_credential_dumping.yml b/queries/windows/os_credential_dumping.yml
index dc41220..68a5665 100644
--- a/queries/windows/os_credential_dumping.yml
+++ b/queries/windows/os_credential_dumping.yml
@@ -8,7 +8,7 @@ mitre:
 technique: T1003
 subtechnique: null
 operating_system: linux
-query: RegistryKeyPath ContainsCIS "\Services\NPPSpy" OR IndicatorName In ( "Mimikatz", "CredsReadFromLsass", "LSASSMemoryAccessed", "DumpSAM", "PasswordSniffingViaNetworkProvider" )
+query: RegistryKeyPath ContainsCIS "\Services\NPPSpy" OR IndicatorName In ( "Mimikatz", "CredsReadFromLsass", "DumpSAM", "PasswordSniffingViaNetworkProvider" )
 false_positives: null
 tags: null
 references:
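Review bot: Dropping `"LSASSMemoryAccessed"` from the `IndicatorName In (...)` list on the new `query:` line narrows what this T1003 hunt matches, and the entry records no reason for it; `false_positives: null` is unchanged. If the indicator was removed for noise (an assumption, the diff does not say), put that in the entry, for example a comment above `query:` such as `# LSASSMemoryAccessed removed from IndicatorName list: <reason>`, so a later reader does not take the remaining list for full LSASS coverage. Separately, the context line `operating_system: linux` sits in a file under `queries/windows/` whose query matches a registry path and LSASS indicators. It presumably should read `operating_system: windows`, if the schema accepts that value, since tooling that filters queries by this field would otherwise skip the hunt on Windows hosts.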