diff --git a/rules/windows/win_pc_attrib_system.yml b/rules/windows/process_creation/win_pc_attrib_system.yml
similarity index 100%
rename from rules/windows/win_pc_attrib_system.yml
rename to rules/windows/process_creation/win_pc_attrib_system.yml
diff --git a/rules/windows/win_pc_redirect_to_stream.yml b/rules/windows/process_creation/win_pc_redirect_to_stream.yml
similarity index 100%
rename from rules/windows/win_pc_redirect_to_stream.yml
rename to rules/windows/process_creation/win_pc_redirect_to_stream.yml
diff --git a/rules/windows/win_re_set_servicedll.yml b/rules/windows/registry_event/win_re_set_servicedll.yml
similarity index 100%
rename from rules/windows/win_re_set_servicedll.yml
rename to rules/windows/registry_event/win_re_set_servicedll.yml