From db83c335cbba9861f2e0b3e42a2b89e0f42ca51d Mon Sep 17 00:00:00 2001 From: vict0ni <32034171+victoni@users.noreply.github.com> Date: Mon, 29 Sep 2025 23:55:00 +0300 Subject: [PATCH] Update Regsvr32.yml (#461) Co-authored-by: Wietze --- yml/OSBinaries/Regsvr32.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/yml/OSBinaries/Regsvr32.yml b/yml/OSBinaries/Regsvr32.yml index 10fa857..6c872f6 100644 --- a/yml/OSBinaries/Regsvr32.yml +++ b/yml/OSBinaries/Regsvr32.yml @@ -42,6 +42,24 @@ Commands: OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 Tags: - Execute: SCT + - Command: regsvr32.exe /s {PATH:.dll} + Description: Execute code in a DLL. The code must be inside the exported function `DllRegisterServer`. + Usecase: Execute DLL file + Category: Execute + Privileges: User + MitreID: T1218.010 + OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 + Tags: + - Execute: DLL + - Command: regsvr32.exe /u /s {PATH:.dll} + Description: Execute code in a DLL. The code must be inside the exported function `DllUnRegisterServer`. + Usecase: Execute DLL file + Category: Execute + Privileges: User + MitreID: T1218.010 + OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 + Tags: + - Execute: DLL Full_Path: - Path: C:\Windows\System32\regsvr32.exe - Path: C:\Windows\SysWOW64\regsvr32.exe
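Review bot: In the second added entry (`regsvr32.exe /u /s {PATH:.dll}`), the Description spells the export `DllUnRegisterServer`, but the function regsvr32 resolves for `/u` is `DllUnregisterServer`, with a lowercase "r". Export lookup by name is case-sensitive, so anyone building a test DLL or an export-based detection rule from this text would key on a name that does not match; suggest correcting the spelling. Both new entries also carry the identical Usecase string "Execute DLL file", so they are indistinguishable in the rendered list; consider having the second one say that execution goes through the unregister path.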