style: Automatic code formatting

modules/signatures/windows/bypass_uac.py

@@ -228,7 +228,9 @@ class ChecksUACStatus(Signature):
     ttps = ["T1548"]  # MITRE v6,7,8
 
     def run(self):
-        match = self.check_key(pattern=r".*\SOFTWARE\(Wow6432Node\)?Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA$", regex=True)
+        match = self.check_key(
+            pattern=r".*\SOFTWARE\(Wow6432Node\)?Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA$", regex=True
+        )
         if match:
             self.data.append({"regkey": match})
             return True

modules/signatures/windows/persistence_autorun.py

@@ -62,9 +62,7 @@ def on_call(self, call, process):
                 self.mark_call()
 
     def on_complete(self):
-        indicators = (
-            r".*\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler\\.*",
-        )
+        indicators = (r".*\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler\\.*",)
         whitelists = (
             r".*\\Software\\(Wow6432Node\\)?Classes\\clsid\\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\\InprocServer32\\.*",
             # ".*\\Software\\(Wow6432Node\\)?Classes\\clsid\\[^\\]*\\InprocServer32\\ThreadingModel$",

modules/signatures/windows/webshell.py

@@ -82,9 +82,7 @@ class OWAWebShellFiles(Signature):
     ttps += ["T1505.003"]  # MITRE v7,8
 
     def run(self):
-        indicators = (
-            r"C:\\Program Files\\Microsoft\\Exchange Server\\V[0-9]{2}\\FrontEnd\\HttpProxy\\owa\\.*",
-        )
+        indicators = (r"C:\\Program Files\\Microsoft\\Exchange Server\\V[0-9]{2}\\FrontEnd\\HttpProxy\\owa\\.*",)
 
         for indicator in indicators:
             match = self.check_write_file(pattern=indicator, regex=True)