diff --git a/rules/windows/process_creation/win_susp_file_characteristics.yml b/rules/windows/process_creation/win_susp_file_characteristics.yml
index 083ccf70..cfe3b7e3 100644
--- a/rules/windows/process_creation/win_susp_file_characteristics.yml
+++ b/rules/windows/process_creation/win_susp_file_characteristics.yml
@@ -1,13 +1,13 @@
-title: Suspicious File Characteristics Due to Missing Fields
+title: Suspicious File Characteristics Due to Missing Fields in Downloads folder
 id: 9637e8a5-7131-4f7f-bdc7-2b05d8670c43
-description: Detects Executables without FileVersion,Description,Product,Company likely created with py2exe
+description: Detects Executables in the Downloads folder without FileVersion,Description,Product,Company likely created with py2exe
 status: experimental
 references:
 - https://securelist.com/muddywater/88059/
 - https://www.virustotal.com/#/file/276a765a10f98cda1a38d3a31e7483585ca3722ecad19d784441293acf1b7beb/detection
-author: Markus Neis
+author: Markus Neis, Sander Wiebing
 date: 2018/11/22
-modified: 2019/11/09
+modified: 2020/05/26
 tags:
 - attack.defense_evasion
 - attack.execution
@@ -25,7 +25,9 @@ detection:
 selection3:
 Description: '\?'
 Company: '\?'
-    condition: 1 of them
+ folder:
+ Image: '*\Downloads\\*'
+ condition: (selection1 or selection2 or selection3) and folder
 fields:
 - CommandLine
 - ParentCommandLine
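Review bot: The new `folder` selection in the second hunk restricts the rule to images whose path contains a literal `\Downloads\` segment, so the same executables with blank FileVersion/Description/Product/Company fields launched from any other user-writable location no longer fire, and nothing in the rule records that this coverage was given up deliberately. Suggest a comment above `folder:` such as `# scoped to the Downloads folder to reduce false positives from legitimately built tools; executables run from other paths are intentionally out of scope for this rule` so a maintainer tuning the rule later does not re-widen it by accident. As a style point, the wildcard form `Image: '*\Downloads\\*'` depends on Sigma's escaping rule that a backslash before a wildcard must be doubled; the modifier form `Image|contains: '\Downloads\'` expresses the same match without that subtlety. The `detection` block starts before the hunk and the rule's `level` field is outside it, so whether the level was revisited for the narrower scope cannot be judged here.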