diff --git a/rules/windows/process_creation/win_susp_razorinstaller_explorer.yml b/rules/windows/process_creation/win_susp_razorinstaller_explorer.yml
index 967932cc0..cffed8586 100644
--- a/rules/windows/process_creation/win_susp_razorinstaller_explorer.yml
+++ b/rules/windows/process_creation/win_susp_razorinstaller_explorer.yml
@@ -1,7 +1,7 @@
-title: Suspicious RazorInstaller Explorer Subprocess
+title: Suspicious RazerInstaller Explorer Subprocess
 id: a4eaf250-7dc1-4842-862a-5e71cd59a167
 status: experimental
-description: Detects a explorer.exe sub process of the RazorInstaller software which can be invoked from the installer to select a different installation folder but can also be exploited to escalate privileges to LOCAL SYSTEM
+description: Detects a explorer.exe sub process of the RazerInstaller software which can be invoked from the installer to select a different installation folder but can also be exploited to escalate privileges to LOCAL SYSTEM
 references:
 - https://twitter.com/j0nh4t/status/1429049506021138437
 - https://streamable.com/q2dsji
@@ -15,7 +15,7 @@ logsource:
 detection:
 selection:
 Image|endswith: '\explorer.exe'
-ParentImage|endswith: '\RazorInstaller.exe'
+ParentImage|endswith: '\RazerInstaller.exe'
 condition: selection
 falsepositives:
 - User selecting a different installation folder (check for other sub processes of this explorer.exe process)
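Review bot: The rule file is still named `win_susp_razorinstaller_explorer.yml` in the diff header while the title and the selector `ParentImage|endswith: '\RazerInstaller.exe'` now use the corrected "Razer" spelling, so the file name no longer matches the vendor name an analyst would grep for; renaming it to `win_susp_razerinstaller_explorer.yml` in the same change would keep the rule consistent. Because the old selector string `\RazorInstaller.exe` could not have matched the real installer process, this is a change to detection logic rather than a cosmetic rename, and the rule's `modified` date (if the rule carries one outside the hunk) should be bumped so downstream consumers re-deploy it. The description on the first hunk also still reads "Detects a explorer.exe"; `Detects an explorer.exe` would read correctly.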