diff --git a/queries.md b/PrivilegeEscalation.md similarity index 98% rename from queries.md rename to PrivilegeEscalation.md index a531386..1391a63 100644 --- a/queries.md +++ b/PrivilegeEscalation.md @@ -1,4 +1,3 @@ -# Windows Atomic Tests by ATT&CK Tactic & Technique ## Privilege Escalation ### T1053.002 AT Scheduled Task @@ -222,8 +221,3 @@ Detects Winlogon Helper Dll changes through Registry MetadataIndicator item, as IndicatorMetadata In Contains Anycase ("Microsoft\Windows NT\CurrentVersion\Winlogon","Microsoft\Windows NT\CurrentVersion\Winlogon\Notify") AND IndicatorMetadata In Contains Anycase ("logon","Userinit","Shell") AND IndicatorMetadata Does Not ContainCIS "WINDOWS\system32\userinit.exe" ``` - -## Defense Evasion -### T1055.004 Asynchronous Procedure Call -Atomics: [T1055.004]() -
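Review bot: The first hunk (@@ -1,4 +1,3 @@) deletes the only top-level heading, so PrivilegeEscalation.md now opens at `## Privilege Escalation` with no H1 title. Either promote that line to `# Privilege Escalation` or keep a title line above it, so the per-tactic file renders with a proper document heading. Because the file is renamed from queries.md, any links that still point at queries.md should be updated in the same change.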
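Review bot: The last hunk (@@ -222,8 +221,3 @@) drops the `## Defense Evasion` section with its `### T1055.004 Asynchronous Procedure Call` entry, and nothing in the visible diff adds it to another file, so the entry is lost unless a companion per-tactic file carries it. If it is meant to move, include that file in this change, and fill in the empty link target in `Atomics: [T1055.004]()` when it is re-added.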