diff --git a/yml/OSBinaries/Regini.yml b/yml/OSBinaries/Regini.yml
new file mode 100644
index 0000000..ce20f4c
--- /dev/null
+++ b/yml/OSBinaries/Regini.yml
@@ -0,0 +1,27 @@
+---
+Name: Regini.exe
+Description: Used to manipulate the registry
+Author: 'Oddvar Moe'
+Created: '2020-07-03'
+Commands:
+ - Command: regini.exe newfile.txt:hidden.ini
+ Description: Write registry keys from data inside the Alternate data stream.
+ Usecase: Write to registry
+ Category: ADS
+ Privileges: User
+ MitreID: T1096
+ MitreLink: https://attack.mitre.org/wiki/Technique/T1096
+ OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
+Full_Path:
+ - Path: C:\Windows\System32\regini.exe
+ - Path: C:\Windows\SysWOW64\regini.exe
+Code_Sample:
+- Code:
+Detection:
+ - IOC: regini.exe reading from ADS
+Resources:
+ - Link: https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f
+Acknowledgement:
+ - Person: Eli Salem
+ Handle: '@elisalem9'
+---
\ No newline at end of file
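Review bot: The Detection entry `- IOC: regini.exe reading from ADS` gives a defender nothing concrete to key on, while the Commands line already shows the observable that matters, the `file:stream` argument form; the IOC could say so, e.g. `- IOC: regini.exe process creation whose command line passes a file argument in alternate-data-stream form (name:stream, as in newfile.txt:hidden.ini)`. `Code_Sample:` / `- Code:` is added with an empty value and should either carry a sample or be dropped so the entry does not render an empty section. `MitreID: T1096` appears to be the pre-2020 NTFS File Attributes technique, which I believe ATT&CK deprecated in favour of the Hide Artifacts sub-technique T1564.004 around the `Created: '2020-07-03'` date, and `MitreLink` uses the legacy `/wiki/Technique/` URL; both are worth confirming against the current framework before merge. `Windows vista` in OperatingSystem should be capitalised like the other entries.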