diff --git a/rules/windows/process_creation/process_creation_command_execution_by_office_applications.yml b/rules/windows/other/process_creation_command_execution_by_office_applications.yml
similarity index 100%
rename from rules/windows/process_creation/process_creation_command_execution_by_office_applications.yml
rename to rules/windows/other/process_creation_command_execution_by_office_applications.yml
diff --git a/rules/windows/process_creation/win_exchange_proxylogon_oabvirtualdir.yml b/rules/windows/other/win_exchange_proxylogon_oabvirtualdir.yml
similarity index 100%
rename from rules/windows/process_creation/win_exchange_proxylogon_oabvirtualdir.yml
rename to rules/windows/other/win_exchange_proxylogon_oabvirtualdir.yml
diff --git a/rules/windows/process_creation/win_task_folder_evasion.yml b/rules/windows/process_creation/win_task_folder_evasion.yml
index 402ff3615..e45421438 100644
--- a/rules/windows/process_creation/win_task_folder_evasion.yml
+++ b/rules/windows/process_creation/win_task_folder_evasion.yml
@@ -6,7 +6,7 @@ references:
 - https://twitter.com/subTee/status/1216465628946563073
 - https://gist.github.com/am0nsec/8378da08f848424e4ab0cc5b317fdd26
 date: 2020/01/13
-modified: 2021/05/30
+modified: 2021/11/06
 author: Sreeman
 tags:
 - attack.defense_evasion
@@ -15,9 +15,9 @@ tags:
 - attack.t1574.002
 - attack.t1059 # an old one
 - attack.t1064 # an old one
-
 logsource:
 product: windows
+category: process_creation
 detection:
 selection1:
 CommandLine|contains: