diff --git a/rules/windows/process_creation/win_pc_susp_instalutil.yml b/rules/windows/process_creation/win_pc_susp_instalutil.yml
index cbf7ebc50..f5b9298f8 100644
--- a/rules/windows/process_creation/win_pc_susp_instalutil.yml
+++ b/rules/windows/process_creation/win_pc_susp_instalutil.yml
@@ -6,14 +6,14 @@ author: frack113
 references:
 - https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/
 - https://docs.microsoft.com/en-us/dotnet/framework/tools/installutil-exe-installer-tool
-date: 2022/01/23
+date: 2022/02/04
 logsource:
 category: process_creation
 product: windows
 detection:
 selection:
 Image|endswith: \InstallUtil.exe
- Image|contains: Microsoft.NET\Framework64\
+ Image|contains: Microsoft.NET\Framework
 CommandLine|contains|all:
 - '/logfile= '
 - '/LogToConsole=false'
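Review bot: The rule's `date` is overwritten with the edit date, which loses the creation date. Sigma keeps `date` for creation and records later edits in `modified`, so this would read `date: 2022/01/23` plus `modified: 2022/02/04`. On the broadened match, `Image|contains: Microsoft.NET\Framework` relies on the missing trailing backslash to cover both `Framework\` and `Framework64\`, and a later tidy-up could silently drop one of them. A comment such as `# no trailing backslash: matches Framework\ and Framework64\` would protect it. The rule continues past the hunk (the `condition` is not visible), so how this selection is combined with anything else cannot be checked from here.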