diff --git a/detections/endpoint/windows_alternate_datastream___process_execution.yml b/detections/endpoint/windows_alternate_datastream___process_execution.yml
index 86a184679e..6616c0ce08 100644
--- a/detections/endpoint/windows_alternate_datastream___process_execution.yml
+++ b/detections/endpoint/windows_alternate_datastream___process_execution.yml
@@ -1,8 +1,8 @@
 name: Windows Alternate DataStream - Process Execution
 id: 30c32c5c-41fe-45db-84fe-275e4320da3f
-version: 12
+version: 13
 creation_date: '2024-01-10'
-modification_date: '2026-05-13'
+modification_date: '2026-06-04'
 author: Steven Dick
 status: production
 type: TTP
@@ -27,7 +27,7 @@ search: |-
 "powershell.exe",
 "pwsh.exe",
 "regini.exe",
- "regscr32.exe",
+ "regsvr32.exe",
 "rundll32.exe",
 "sc.exe",
 "wmic.exe",
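Review bot: A misspelled entry in this process-name list fails silently, and nothing visible in the second hunk would catch the next one. The old `"regscr32.exe"` matched no real binary, so at least version 12 of the detection did not cover `regsvr32.exe`. I would add a sample event whose process name is `regsvr32.exe` to the detection's test data so that the corrected entry is actually exercised, and note the coverage gap in the release notes so users of the earlier version know to re-run the search over past data. The list sits inside the `search: |-` block, which starts and ends outside the hunk, so I cannot tell from here whether the match relies on the file name alone or also on another field.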