diff --git a/executable/resource/extract-resource-via-kernel32-functions.yml b/executable/resource/extract-resource-via-kernel32-functions.yml
index ae1b605a1..2599839bc 100644
--- a/executable/resource/extract-resource-via-kernel32-functions.yml
+++ b/executable/resource/extract-resource-via-kernel32-functions.yml
@@ -28,4 +28,3 @@ rule:
 - api: LdrFindResourceEx_U
 - api: kernel32.SizeofResource
 - api: kernel32.FreeResource
- - api: user32.LoadString
diff --git a/host-interaction/process/terminate/terminate-process-via-fastfail.yml b/host-interaction/process/terminate/terminate-process-via-fastfail.yml
deleted file mode 100644
index 0f2dd2bf5..000000000
--- a/host-interaction/process/terminate/terminate-process-via-fastfail.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-rule:
- meta:
- name: terminate process via fastfail
- namespace: host-interaction/process/terminate
- authors:
- - "@_re_fox"
- scope: instruction
- mbc:
- - Process::Terminate Process [C0018]
- references:
- - https://docs.microsoft.com/en-us/cpp/intrinsics/fastfail?view=vs-2019
- examples:
- - b87e9dd18a5533a09d3e48a7a1efbcf6:0x14000747F
- features:
- - and:
- - mnemonic: int
- - number: 0x29
diff --git a/host-interaction/registry/create-or-open-registry-key.yml b/lib/create-or-open-registry-key.yml
similarity index 97%
rename from host-interaction/registry/create-or-open-registry-key.yml
rename to lib/create-or-open-registry-key.yml
index 3442919d0..3c2f6d566 100644
--- a/host-interaction/registry/create-or-open-registry-key.yml
+++ b/lib/create-or-open-registry-key.yml
@@ -1,10 +1,10 @@
 rule:
 meta:
 name: create or open registry key
- namespace: host-interaction/registry
 authors:
 - michael.hunhoff@mandiant.com
 - anushka.virgaonkar@mandiant.com
+ lib: true
 scope: basic block
 mbc:
 - Operating System::Registry::Create Registry Key [C0036.004]
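Review bot: With `user32.LoadString` removed, `LdrFindResourceEx_U` is the only entry left in this list without a module qualifier while its siblings are `kernel32.`-prefixed; if the rule is meant to stay module-scoped as its name suggests, `- api: ntdll.LdrFindResourceEx_U` keeps the list consistent, and if the bare form is deliberate (capa, as I understand it, matches an unqualified api name against any module) a short comment saying so would stop the next editor from "fixing" it. Dropping LoadString looks right for a kernel32-named resource-extraction rule, since it reads RT_STRING table entries rather than an arbitrary payload resource, but samples that stash configuration in a string table lose coverage here unless another rule picks that up — I cannot tell from this hunk. The `features:` block this list belongs to starts above the hunk.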
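Review bot: The `mbc` mapping `Operating System::Registry::Create Registry Key [C0036.004]` is kept on a rule that is now `lib: true`; as far as I know capa does not surface lib rules or their MBC/ATT&CK tags in its output, so this mapping only remains visible if every rule that does `match: create or open registry key` carries its own `mbc:` — worth checking those consumers, or dropping the tag here so it does not read as live coverage. Removing `namespace:` is correct for a lib rule, but any tests or docs that referenced `host-interaction/registry/create-or-open-registry-key` by path will need the new `lib/` location. The rule's `features:` block lies outside this hunk.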