From d67c8f5c11b84ca971a4499420dae8883eccfdc2 Mon Sep 17 00:00:00 2001 From: "Chris \"Lopi\" Spehn" Date: Fri, 20 Mar 2020 11:51:21 -0600 Subject: [PATCH] Update RegAsm to the correct permissions --- yml/OSBinaries/Regasm.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/yml/OSBinaries/Regasm.yml b/yml/OSBinaries/Regasm.yml index 1569be0..1729e21 100644 --- a/yml/OSBinaries/Regasm.yml +++ b/yml/OSBinaries/Regasm.yml @@ -8,12 +8,12 @@ Commands: Description: Loads the target .DLL file and executes the RegisterClass function. Usecase: Execute code and bypass Application whitelisting Category: AWL bypass - Privileges: User + Privileges: Local Admin MitreID: T1121 MitreLink: https://attack.mitre.org/wiki/Technique/T1121 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10 - - Command: regasm.exe AllTheThingsx64.dll - Description: Loads the target .DLL file and executes the RegisterClass function. + - Command: regasm.exe /U AllTheThingsx64.dll + Description: Loads the target .DLL file and executes the UnRegisterClass function. Usecase: Execute code and bypass Application whitelisting Category: Execute Privileges: User @@ -36,4 +36,4 @@ Resources: Acknowledgement: - Person: Casey Smith Handle: '@subtee' ---- \ No newline at end of file +---
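Review bot: In the first hunk, the second entry changes both its Command (to `regasm.exe /U AllTheThingsx64.dll`) and its Description (to UnRegisterClass), but the subject line only says "Update RegAsm to the correct permissions". Please mention the command change in the commit message, because anyone building detections or allow-list rules from this file will see a different command line for that entry. After the change the first entry reads `Privileges: Local Admin` while the `/U` entry keeps `Privileges: User`. The Description fields do not say why the register path needs admin rights and the unregister path does not, so a short clause there would help. The first entry's Command line sits above the hunk context, so please confirm that it is still the plain register form and that the two entries now describe distinct invocations. Both entries also carry the same Usecase text under different Category values (AWL bypass and Execute), which is worth making consistent in this change.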