From 757ef5c67c5a40fa57794cd445c0e734c62b7954 Mon Sep 17 00:00:00 2001
From: David Sarkisyan <281478990+srkyn@users.noreply.github.com>
Date: Fri, 22 May 2026 11:33:09 -0400
Subject: [PATCH] Fix regsvr32 typo in ADS process detection

---
 .../windows_alternate_datastream___process_execution.yml        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/detections/endpoint/windows_alternate_datastream___process_execution.yml b/detections/endpoint/windows_alternate_datastream___process_execution.yml
index 1cb8d9ddb3..01b8479975 100644
--- a/detections/endpoint/windows_alternate_datastream___process_execution.yml
+++ b/detections/endpoint/windows_alternate_datastream___process_execution.yml
@@ -26,7 +26,7 @@ search: |-
         "powershell.exe",
         "pwsh.exe",
         "regini.exe",
-        "regscr32.exe",
+        "regsvr32.exe",
         "rundll32.exe",
         "sc.exe",
         "wmic.exe",