diff --git a/queries/windows/bypass_user_access_control.yml b/queries/windows/bypass_user_access_control.yml
index 60a9b55..ea69743 100644
--- a/queries/windows/bypass_user_access_control.yml
+++ b/queries/windows/bypass_user_access_control.yml
@@ -1,4 +1,4 @@
-title: T1548.002 Bypass User Access Control
+title: Bypass User Access Control
 description: Detection of UAC bypass through tampering with Shell Open for .ms-settings or .msc file types. Also includes detection for CMSTPLUA COM interface abuse by GUID.
 author: keyboardcrunch
@@ -7,7 +7,7 @@ modified: 05/12/2020
 mitre:
 tactic: Defense Evasion, Privilege Escalation
 technique: T1548
- subtechnique: 008
+ subtechnique: 002
 operating_system: windows
 query: (SrcProcCmdLine ContainsCIS "ms-settings\shell\open\command" OR SrcProcCmdLine ContainsCIS "mscfile\shell\open\command") OR (TgtProcDisplayName = "COM Surrogate"
diff --git a/queries/windows/disable_microsoft_office_security_features.yml b/queries/windows/disable_microsoft_office_security_features.yml
index b546aaa..653daa0 100644
--- a/queries/windows/disable_microsoft_office_security_features.yml
+++ b/queries/windows/disable_microsoft_office_security_features.yml
@@ -1,4 +1,4 @@
-title: T1562.001 Disable Microsoft Office Security Features
+title: Disable Microsoft Office Security Features
 description: Detects disabling of Microsoft Office Security features.
 author: keyboardcrunch
 date: 10/10/2020
diff --git a/queries/windows/findstr_password_extraction.yml b/queries/windows/findstr_password_extraction.yml
index 94c6225..c2d85a3 100644
--- a/queries/windows/findstr_password_extraction.yml
+++ b/queries/windows/findstr_password_extraction.yml
@@ -1,4 +1,4 @@
-title: T1552.001 Findstr Password Extraction
+title: Findstr Password Extraction
 description: Detection of content exfiltration of passwords within files using findstr.exe or PowerShell's findstr.
 author: keyboardcrunch
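Review bot: The new `subtechnique: 002` line in the second bypass_user_access_control.yml hunk (and `subtechnique: 001` in the matching findstr_password_extraction.yml hunk) is an unquoted YAML scalar, so a YAML loader resolves it as the integer 2 and the leading zeros are lost; any consumer that assembles the ATT&CK id as technique + "." + subtechnique would get T1548.2 rather than T1548.002. Quoting the value, `subtechnique: "002"`, keeps it a string without changing anything else in the rule. The removed values had the same problem, so this predates the commit, but now that the titles no longer carry the full ID the mitre block is the only place the id can be read from, which makes it worth fixing here. The hunk declares seven lines and only six are visible, so if the trailing line already quotes or overrides the value, disregard.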
@@ -7,7 +7,7 @@ modified: null
 mitre:
 tactic: Credential Access
 technique: T1552
- subtechnique: 006
+ subtechnique: 001
 operating_system: windows
 query: TgtProcCmdLine ContainsCIS "/si pass" OR TgtProcCmdLine ContainsCIS "-pattern password"
diff --git a/queries/windows/lsa_secrets.yml b/queries/windows/lsa_secrets_extraction.yml
similarity index 91%
rename from queries/windows/lsa_secrets.yml
rename to queries/windows/lsa_secrets_extraction.yml
index 8540202..5bd218e 100644
--- a/queries/windows/lsa_secrets.yml
+++ b/queries/windows/lsa_secrets_extraction.yml
@@ -1,4 +1,4 @@
-title: T1003.004 LSA Secrets
+title: LSA Secrets Extraction
 description: Detect direct LSA extraction with reg.exe.
 author: keyboardcrunch
 date: 10/10/2020
diff --git a/queries/windows/process_injection.yml b/queries/windows/process_injection.yml
index effa049..c3068fa 100644
--- a/queries/windows/process_injection.yml
+++ b/queries/windows/process_injection.yml
@@ -1,4 +1,4 @@
-title: T1055 Process Injection
+title: Process Injection
 description: Detects Process Injection through execution of MavInject, filtering out noisy/expected activity. SrcProcParentName filter narrows Cross Process items to refine results.