diff --git a/rules/windows/image_load/sysmon_cve_2021_1675_print_nightmare.yml b/rules/windows/image_load/sysmon_cve_2021_1675_print_nightmare.yml
index 7d57896ef..5d836413e 100644
--- a/rules/windows/image_load/sysmon_cve_2021_1675_print_nightmare.yml
+++ b/rules/windows/image_load/sysmon_cve_2021_1675_print_nightmare.yml
@@ -6,6 +6,7 @@ references:
 - https://github.com/hhlxf/PrintNightmare
 author: FPT.EagleEye
 date: 2021/06/29
+modified: 2021/07/01
 tags:
 - attack.persistence
 - attack.defense_evasion
@@ -20,7 +21,8 @@ detection:
 Image|endswith:
 - 'spoolsv.exe'
 ImageLoaded:
- - 'Windows\System32\spool\drivers\x64\3\old\*.dll'
+ - 'C:\Windows\System32\spool\drivers\x64\3\old\*.dll'
+ - 'C:\Windows\System32\spool\drivers\x64\3\*.dll'
 condition: selection
 falsepositives:
 - Possible. Requires further testing.
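Review bot: The second pattern added under `ImageLoaded`, `C:\Windows\System32\spool\drivers\x64\3\*.dll`, covers what is, as far as I know, the regular x64 print-driver store, so every legitimate driver load by spoolsv.exe after a normal driver install will now match alongside the `\old\` staging path; the `falsepositives` entry should name that explicitly rather than "Possible. Requires further testing.", e.g. `- Legitimate print driver installations, which also load DLLs from the x64\3 driver store`. Both new entries also hard-code the `C:\` drive, which the previous pattern (broken as it was, since an unmodified `ImageLoaded` match needs the full path) did not; a leading wildcard such as `- '*\Windows\System32\spool\drivers\x64\3\old\*.dll'` keeps the rule working on hosts with a different system drive. The 32-bit driver store (`W32X86`) is not covered by either entry, which is worth a comment or a sibling pattern if that is intentional.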