diff --git a/nursery/persist-via-task-scheduler.yml b/nursery/persist-via-task-scheduler.yml
deleted file mode 100644
index 66827cf0..00000000
--- a/nursery/persist-via-task-scheduler.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-rule:
- meta:
- name: persist via Task Scheduler
- namespace: persistence/registry
- authors:
- - j.j.vannielen@utwente.nl
- scopes:
- static: function
- dynamic: call
- att&ck:
- - Persistence::Scheduled Task/Job::Scheduled Task [T1053.005]
- references:
- - https://learn.microsoft.com/en-us/windows/win32/taskschd/task-scheduler-start-page
- - https://stmxcsr.com/persistence/scheduled-tasks.html
- features:
- - or:
- - and:
- - match: set registry value
- - string: /Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\/i
- - string: /^Actions$/i
- - and:
- - match: host-interaction/process/create
- - string: /schtasks(|\.exe) /i
- - or:
- - string: /\/change/i
- - string: /\/create/i
diff --git a/persistence/scheduled-tasks/schedule-task-via-schtasks.yml b/persistence/scheduled-tasks/schedule-task-via-schtasks.yml
index 4d7f58a3..8d42215a 100644
--- a/persistence/scheduled-tasks/schedule-task-via-schtasks.yml
+++ b/persistence/scheduled-tasks/schedule-task-via-schtasks.yml
@@ -4,18 +4,29 @@ rule:
 namespace: persistence/scheduled-tasks
 authors:
 - 0x534a@mailbox.org
+ - j.j.vannielen@utwente.nl
 scopes:
 static: function
 dynamic: thread
 att&ck:
 - Persistence::Scheduled Task/Job::Scheduled Task [T1053.005]
+ references:
+ - https://learn.microsoft.com/en-us/windows/win32/taskschd/task-scheduler-start-page
+ - https://stmxcsr.com/persistence/scheduled-tasks.html
 examples:
 - 79cde1aa711e321b4939805d27e160be:0x401440
 features:
- - and:
- - match: host-interaction/process/create
- - or:
- - and:
- - string: /schtasks/i
- - string: /\/create /i
- - string: /Register-ScheduledTask /i
+ - or:
+ - and:
+ - match: set registry value
+ - string: /Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\/i
+ - string: /^Actions$/i
+ - and:
+ - match: host-interaction/process/create
+ - or:
+ - and:
+ - string: /schtasks/i
+ - or:
+ - string: /\/change/i
+ - string: /\/create/i
+ - string: /Register-ScheduledTask /i
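Review bot: The registry-based branch added under `features:` (the `and:` of `match: set registry value`, the `TaskCache` path regex and `/^Actions$/i`) has no covering entry in `examples:`; the only example, `79cde1aa711e321b4939805d27e160be:0x401440`, predates this change and presumably exercises the schtasks branch. The nursery rule deleted in the same commit carried no `examples:` at all, so folding its logic in here drops the unvalidated status the nursery conveyed without adding a sample that hits the new branch; either add an example known to match the `TaskCache` path or keep the registry branch in the nursery until one exists. The rule's `name:` and the top of `meta:` are outside the hunk; if the name still reads as schtasks-specific it no longer describes the registry branch, so either widen it or split that branch into its own rule. Note also that `/\/create /i` became `/\/create/i`, dropping the trailing-space anchor so any `/create` substring near `schtasks` now matches; if that widening was not intended, write the new pair as `/\/create /i` and `/\/change /i`.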