diff --git a/rules/windows/process_creation/win_pc_susp_instalutil.yml b/rules/windows/process_creation/win_pc_susp_instalutil.yml
index cbf7ebc50..d4ece5241 100644
--- a/rules/windows/process_creation/win_pc_susp_instalutil.yml
+++ b/rules/windows/process_creation/win_pc_susp_instalutil.yml
@@ -7,13 +7,14 @@ references:
 - https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/
 - https://docs.microsoft.com/en-us/dotnet/framework/tools/installutil-exe-installer-tool
 date: 2022/01/23
+modified: 2022/02/04
 logsource:
 category: process_creation
 product: windows
 detection:
 selection:
 Image|endswith: \InstallUtil.exe
- Image|contains: Microsoft.NET\Framework64\
+ Image|contains: Microsoft.NET\Framework
 CommandLine|contains|all:
 - '/logfile= '
 - '/LogToConsole=false'
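Review bot: The new `Image|contains: Microsoft.NET\Framework` value only works because it is a prefix of both `Framework\` and `Framework64\`, and nothing in the rule says the missing trailing backslash is deliberate, so a later cleanup could quietly narrow the match again. I would either list the two directories explicitly, `Image|contains:` with `- 'Microsoft.NET\Framework\'` and `- 'Microsoft.NET\Framework64\'`, or keep the single value and add a comment such as `# no trailing backslash on purpose: matches Framework\ and Framework64\`. Separately, the selection still fires only when the binary runs from its .NET install path; if the log source supplies `OriginalFileName`, matching on it as well would keep coverage when the image path differs, which is worth checking against the rule's intent. The rest of the rule (condition, false positives, level) lies outside this hunk, so that part was not reviewed.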