diff --git a/src/main/resources/rules/test_windows/dns_query_win_regsvr32_network_activity.yml b/src/main/resources/rules/test_windows/dns_query_win_regsvr32_network_activity.yml
index 0a9ffb60d..c812ab379 100644
--- a/src/main/resources/rules/test_windows/dns_query_win_regsvr32_network_activity.yml
+++ b/src/main/resources/rules/test_windows/dns_query_win_regsvr32_network_activity.yml
@@ -1,5 +1,5 @@
 title: Regsvr32 Network Activity
-id: 36e037c4-c228-4866-b6a3-48eb292b9955
+id: 36a037c4-c228-4866-b6a3-48eb292b9955
 related:
 - id: c7e91a02-d771-4a6d-a700-42587e0b1095
 type: derived
diff --git a/src/main/resources/rules/test_windows/net_connection_win_regsvr32_network_activity.yml b/src/main/resources/rules/test_windows/net_connection_win_regsvr32_network_activity.yml
index 79d24648f..908fda8a4 100644
--- a/src/main/resources/rules/test_windows/net_connection_win_regsvr32_network_activity.yml
+++ b/src/main/resources/rules/test_windows/net_connection_win_regsvr32_network_activity.yml
@@ -1,5 +1,5 @@
 title: Regsvr32 Network Activity
-id: c7e91a02-d771-4a6d-a700-42587e0b1095
+id: c6e91a02-d771-4a6d-a700-42587e0b1095
 description: Detects network connections and DNS queries initiated by Regsvr32.exe
 references:
 - https://pentestlab.blog/2017/05/11/applocker-bypass-regsvr32/
diff --git a/src/main/resources/rules/test_windows/proc_creation_win_susp_regsvr32_no_dll.yml b/src/main/resources/rules/test_windows/proc_creation_win_susp_regsvr32_no_dll.yml
index 5fd6ffc94..6207cc6ec 100644
--- a/src/main/resources/rules/test_windows/proc_creation_win_susp_regsvr32_no_dll.yml
+++ b/src/main/resources/rules/test_windows/proc_creation_win_susp_regsvr32_no_dll.yml
@@ -1,5 +1,5 @@
 title: Regsvr32 Command Line Without DLL
-id: 50919691-7302-437f-8e10-1fe088afa145
+id: 5a919691-7302-437f-8e10-1fe088afa145
 status: experimental
 description: Detects a regsvr.exe execution that doesn't contain a DLL in the command line
 author: Florian Roth
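Review bot: The `related` entry in dns_query_win_regsvr32_network_activity.yml still references `c7e91a02-d771-4a6d-a700-42587e0b1095`, but the next hunk changes that rule's `id` to `c6e91a02-d771-4a6d-a700-42587e0b1095`, so after this commit the cross-reference points at an id that no longer exists in the test rule set. If the intent is to keep the two test rules linked to each other, the line should become `- id: c6e91a02-d771-4a6d-a700-42587e0b1095`; if the `related` entry is meant to point at the upstream rule rather than the local copy, a comment saying so (`# refers to the upstream rule id, not the local test copy`) would prevent the next reader from "fixing" it. The change pattern across all five files (altering one hex digit of each `id`) suggests the goal is to avoid id collisions with the originals, which is reasonable, but any loader that validates `related` ids against the loaded set will now reject or warn on the first rule. The rest of each rule (detection, falsepositives, level) lies outside these hunks.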
diff --git a/src/main/resources/rules/test_windows/proc_creation_win_system_exe_anomaly.yml b/src/main/resources/rules/test_windows/proc_creation_win_system_exe_anomaly.yml
index c90d1f04b..77127b5ab 100644
--- a/src/main/resources/rules/test_windows/proc_creation_win_system_exe_anomaly.yml
+++ b/src/main/resources/rules/test_windows/proc_creation_win_system_exe_anomaly.yml
@@ -1,5 +1,5 @@
 title: System File Execution Location Anomaly
-id: e4a6b256-3e47-40fc-89d2-7a477edd6915
+id: e5a6b256-3e47-40fc-89d2-7a477edd6915
 status: experimental
 description: Detects a Windows program executable started in a suspicious folder
 references:
diff --git a/src/main/resources/rules/test_windows/win_sample_rule.yml b/src/main/resources/rules/test_windows/win_sample_rule.yml
index b38d74cc8..141c58b32 100644
--- a/src/main/resources/rules/test_windows/win_sample_rule.yml
+++ b/src/main/resources/rules/test_windows/win_sample_rule.yml
@@ -1,5 +1,5 @@
 title: QuarksPwDump Clearing Access History
-id: 06724a9a-52fc-11ed-bdc3-0242ac120002
+id: 06724b9a-52fc-11ed-bdc3-0242ac120002
 status: experimental
 description: Detects QuarksPwDump clearing access history in hive
 author: Florian Roth