diff --git a/evtx/Maps/Application_Application-Hang_1002.map b/evtx/Maps/Application_Application-Hang_1002.map
index ac43b7bd..cfb6251d 100644
--- a/evtx/Maps/Application_Application-Hang_1002.map
+++ b/evtx/Maps/Application_Application-Hang_1002.map
@@ -10,7 +10,7 @@ Maps:
 Values:
 - Name: Data
- Value: "/Event/EventData/Data[text()]"
+ Value: "/Event/EventData/Data"
 # Documentation:
 # https://www.manageengine.com/products/eventlog/kb/event-1002-application-hang-error-help.html
diff --git a/evtx/Maps/Application_MsiInstaller_10002.map b/evtx/Maps/Application_MsiInstaller_10002.map
index 28f9d165..0aa3a381 100644
--- a/evtx/Maps/Application_MsiInstaller_10002.map
+++ b/evtx/Maps/Application_MsiInstaller_10002.map
@@ -24,7 +24,7 @@ Maps:
 Values:
 - Name: Files
- Value: "/Event/UserData/RmApplicationEvent/Files/File[text()]"
+ Value: "/Event/UserData/RmApplicationEvent/Files/File"
 # Documentation:
 # https://kb.eventtracker.com/evtpass/evtpages/EventId_10002_Microsoft-Windows-RestartManager_62090.asp
diff --git a/evtx/Maps/Application_MsiInstaller_1033.map b/evtx/Maps/Application_MsiInstaller_1033.map
index 5196df65..b2d73993 100644
--- a/evtx/Maps/Application_MsiInstaller_1033.map
+++ b/evtx/Maps/Application_MsiInstaller_1033.map
@@ -10,7 +10,7 @@ Maps:
 Values:
 - Name: Data
- Value: "/Event/EventData/Data[text()]"
+ Value: "/Event/EventData/Data"
 # Documentation:
 # https://kb.eventtracker.com/evtpass/evtpages/EventId_1033_MsiInstaller_63308.asp
diff --git a/evtx/Maps/Application_MsiInstaller_1034.map b/evtx/Maps/Application_MsiInstaller_1034.map
index 4f2b59ed..3788847a 100644
--- a/evtx/Maps/Application_MsiInstaller_1034.map
+++ b/evtx/Maps/Application_MsiInstaller_1034.map
@@ -10,7 +10,7 @@ Maps:
 Values:
 - Name: Data
- Value: "/Event/EventData/Data[text()]"
+ Value: "/Event/EventData/Data"
 # Documentation:
 # https://kb.eventtracker.com/evtpass/evtpages/EventId_1034_MsiInstaller_63315.asp
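Review bot: Dropping the `[text()]` predicate on the `Value` XPath (1002, 10002, 1033 and 1034 in these hunks; the 11707, 11708 and 11724 hunks drop `[1]` in the same spirit) removes a filter, not just decoration: `Data[text()]` selected only `Data` elements that have text content, so an empty leading `<Data/>` was skipped, whereas the bare `/Event/EventData/Data` (and `.../Files/File`) also matches empty siblings and, for these events, several of them. The outcome therefore depends on how the map engine treats a multi-node result — first match, concatenation, or error — and if it takes the first node the old `Data[1]` was simply the explicit form of that, while if it concatenates the PayloadData columns silently gain extra values and anything keyed on them drifts. Worth confirming with a sample EVTX holding a multi-`Data` 1002 or multi-`File` 10002 event, and recording the intended behaviour in the map's `# Documentation` block.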
diff --git a/evtx/Maps/Application_MsiInstaller_11707.map b/evtx/Maps/Application_MsiInstaller_11707.map
index 063c7ffa..d7d0ffdc 100644
--- a/evtx/Maps/Application_MsiInstaller_11707.map
+++ b/evtx/Maps/Application_MsiInstaller_11707.map
@@ -6,11 +6,11 @@ Provider: "MsiInstaller"
 Maps:
 -
 Property: PayloadData1
- PropertyValue: "Data: %Data%"
+ PropertyValue: "%Data%"
 Values:
 - Name: Data
- Value: "/Event/EventData/Data[1]"
+ Value: "/Event/EventData/Data"
 # Documentation:
 # https://kb.eventtracker.com/evtpass/evtpages/EventId_11707_MsiInstaller_47299.asp
diff --git a/evtx/Maps/Application_MsiInstaller_11708.map b/evtx/Maps/Application_MsiInstaller_11708.map
index e7ebfb1b..d519900f 100644
--- a/evtx/Maps/Application_MsiInstaller_11708.map
+++ b/evtx/Maps/Application_MsiInstaller_11708.map
@@ -6,11 +6,11 @@ Provider: "MsiInstaller"
 Maps:
 -
 Property: PayloadData1
- PropertyValue: "Data: %Data%"
+ PropertyValue: "%Data%"
 Values:
 - Name: Data
- Value: "/Event/EventData/Data[1]"
+ Value: "/Event/EventData/Data"
 # Documentation:
 # https://kb.eventtracker.com/evtpass/evtpages/EventId_11708_MsiInstaller_46225.asp
diff --git a/evtx/Maps/Application_MsiInstaller_11724.map b/evtx/Maps/Application_MsiInstaller_11724.map
index ae8fec68..f3fc36e6 100644
--- a/evtx/Maps/Application_MsiInstaller_11724.map
+++ b/evtx/Maps/Application_MsiInstaller_11724.map
@@ -6,11 +6,11 @@ Provider: "MsiInstaller"
 Maps:
 -
 Property: PayloadData1
- PropertyValue: "Data: %Data%"
+ PropertyValue: "%Data%"
 Values:
 - Name: Data
- Value: "/Event/EventData/Data[1]"
+ Value: "/Event/EventData/Data"
 # Documentation:
 # https://kb.eventtracker.com/evtpass/evtpages/EventId_11724_Msiinstaller_52366.asp
diff --git a/evtx/Maps/Microsoft-Windows-Shell-Core-Operational_Microsoft-Windows-Shell-Core_28115.map b/evtx/Maps/Microsoft-Windows-Shell-Core-Operational_Microsoft-Windows-Shell-Core_28115.map
index 37a9a939..2a5ed780 100644
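Review bot: `PropertyValue` for PayloadData1 now emits the bare `%Data%` (11707; identical in 11708 and 11724), so the column no longer states which field it carries. PayloadData1 is a generic column shared by every map, and unlike the Shell-Core and User Profile hunks in this commit, where the value moves to a dedicated `ExecutableInfo` or `UserName` column, here it stays in PayloadData1, so the `Data:` prefix was what told an analyst reading a merged timeline what they were looking at. If unlabelled payload values are now the repository convention, the map's `# Documentation` block should say what PayloadData1 holds for this event; otherwise keep `PropertyValue: "Data: %Data%"`.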
--- a/evtx/Maps/Microsoft-Windows-Shell-Core-Operational_Microsoft-Windows-Shell-Core_28115.map
+++ b/evtx/Maps/Microsoft-Windows-Shell-Core-Operational_Microsoft-Windows-Shell-Core_28115.map
@@ -5,14 +5,14 @@ Channel: "Microsoft-Windows-Shell-Core/Operational"
 Provider: "Microsoft-Windows-Shell-Core"
 Maps:
 -
- Property: PayloadData1
- PropertyValue: "Name: %Name%"
+ Property: ExecutableInfo
+ PropertyValue: "%Name%"
 Values:
 - Name: Name
 Value: "/Event/EventData/Data[@Name=\"Name\"]"
 -
- Property: PayloadData2
+ Property: PayloadData1
 PropertyValue: "AppID: %AppID%"
 Values:
 -
diff --git a/evtx/Maps/Microsoft-Windows-User Profile Service-Operational_Microsoft-Windows-User Profiles Service_67.map b/evtx/Maps/Microsoft-Windows-User Profile Service-Operational_Microsoft-Windows-User Profiles Service_67.map
index 921c663a..90d51020 100644
--- a/evtx/Maps/Microsoft-Windows-User Profile Service-Operational_Microsoft-Windows-User Profiles Service_67.map
+++ b/evtx/Maps/Microsoft-Windows-User Profile Service-Operational_Microsoft-Windows-User Profiles Service_67.map
@@ -5,12 +5,13 @@ Channel: "Microsoft-Windows-User Profile Service/Operational"
 Provider: "Microsoft-Windows-User Profiles Service"
 Maps:
 -
- Property: PayloadData1
- PropertyValue: "LocalPath: %LocalPath%"
+ Property: UserName
+ PropertyValue: "%LocalPath%"
 Values:
 - Name: LocalPath
 Value: "/Event/EventData/Data[@Name=\"LocalPath\"]"
+ Refine: "(?<=Users\\\\).*"
 # Documentation:
 # N/A
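Review bot: Moving `%Name%` from PayloadData1 to `ExecutableInfo` and renumbering `PayloadData2` to `PayloadData1` in the 28115 hunk (the User Profile Service 67 hunk does the same when its PayloadData1 becomes `UserName`) silently changes the meaning of an existing column: a saved query, timeline filter or detection that read the application name from PayloadData1 for event 28115 now receives the AppID, with no error to flag the drift. Nothing in the hunk records this; the map's `# Documentation` block, which lies outside the hunk, or the changelog should note the column move and the version it happened in. If the file has a further map entry (a PayloadData3) it is also outside the hunk and would need renumbering to keep the columns contiguous.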
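Review bot: The added `Refine: "(?<=Users\\\\).*"` on the LocalPath value is greedy and case-sensitive, so it keeps everything after the first `\Users\` and matches nothing for profiles that do not live under `\Users\` (service profiles under `\Windows\ServiceProfiles\`, the `systemprofile`, or a relocated ProfilesDirectory). Because the value now feeds the `UserName` column, a non-matching path yields either an empty username or the raw path depending on what the engine does with a failed Refine, which is worth confirming against a sample event 67 before downstream logic relies on the column. A tighter pattern that stops at the next separator and ignores case, e.g. `Refine: "(?i)(?<=Users\\\\)[^\\\\]+"`, keeps trailing path components out of the username; the inline `(?i)` presumes the regex engine supports inline options, which the existing lookbehind suggests it does. The full LocalPath no longer appears in any PayloadData column after this change, so consider keeping it there if analysts still need the profile path.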