diff --git a/detections/endpoint/windows_alternate_datastream___process_execution.yml b/detections/endpoint/windows_alternate_datastream___process_execution.yml
index 1cb8d9ddb3..01b8479975 100644
--- a/detections/endpoint/windows_alternate_datastream___process_execution.yml
+++ b/detections/endpoint/windows_alternate_datastream___process_execution.yml
@@ -26,7 +26,7 @@ search: |-
         "powershell.exe",
         "pwsh.exe",
         "regini.exe",
-        "regscr32.exe",
+        "regsvr32.exe",
         "rundll32.exe",
         "sc.exe",
         "wmic.exe",