diff --git a/rules/windows/process_creation/proc_creation_win_filefix_browsers.yml b/rules/windows/process_creation/proc_creation_win_filefix_browsers.yml
index a88bb2f44..d4cfcf1c4 100644
--- a/rules/windows/process_creation/proc_creation_win_filefix_browsers.yml
+++ b/rules/windows/process_creation/proc_creation_win_filefix_browsers.yml
@@ -9,6 +9,7 @@ references:
     - https://mrd0x.com/filefix-clickfix-alternative/
 author: 0xFustang
 date: 2025-06-26
+modified: 2025-06-30
 tags:
     - attack.execution
     - attack.t1204.004
@@ -18,17 +19,18 @@ logsource:
 detection:
     selection:
         ParentImage|endswith:
-            - '\chrome.exe'
-            - '\msedge.exe'
-            - '\firefox.exe'
             - '\brave.exe'
+            - '\chrome.exe'
+            - '\firefox.exe'
+            - '\msedge.exe'
         Image|endswith:
+            - '\bitsadmin.exe'
+            - '\certutil.exe'
+            - '\cmd.exe'
+            - '\mshta.exe'
             - '\powershell.exe'
             - '\pwsh.exe'
             - '\regsvr32.exe'
-            - '\bitsadmin.exe'
-            - '\certutil.exe'
-            - '\mshta.exe'
         CommandLine|contains: '#'
     condition: selection
 falsepositives:
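Review bot: The `CommandLine|contains: '#'` pivot that the whole selection rests on does not carry over cleanly to the newly added `'\cmd.exe'` entry, because `#` starts a comment in PowerShell (which is why the referenced FileFix write-up uses it to hide the decoy file path) but has no special meaning to cmd.exe. A lure that launches cmd.exe would plausibly hide its tail behind `& rem` or `::` instead and slip past this rule, while benign cmd.exe children of a browser whose arguments happen to carry a `#` (URL fragments, paths) would match, so adding cmd.exe here mostly widens the false-positive surface without covering the cmd variant. If cmd.exe is meant to stay, consider a dedicated selection such as `selection_cmd: Image|endswith: '\cmd.exe'` with `CommandLine|contains: ['& rem', '&rem', '::']` OR-ed into the condition, or at minimum a comment above the `Image|endswith` list: `# '#' only hides the trailing decoy path for PowerShell; cmd.exe lures are likely to use '& rem' / '::' instead`. The `falsepositives` and `level` fields that would need to reflect this change follow after the hunk.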