diff --git a/yml/microsoft/built-in/drvstore.yml b/yml/microsoft/built-in/drvstore.yml
index b361f57..658f6b3 100644
--- a/yml/microsoft/built-in/drvstore.yml
+++ b/yml/microsoft/built-in/drvstore.yml
@@ -23,9 +23,16 @@ VulnerableExecutables:
 - Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
 Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
 Type: Catalog
+- Path: 'hvciscan_amd64.exe'
+ Type: Sideloading
+ ExpectedSignatureInformation:
+ - Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
+ Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
+ Type: Catalog
 Resources:
 - https://securityintelligence.com/posts/windows-features-dll-sideloading/
 - https://github.com/xforcered/WFH
+- https://www.microsoft.com/en-us/download/details.aspx?id=105437
 Acknowledgements:
 - Name: Chris Spehn
 Twitter: '@ConsciousHacker'
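Review bot: The added `hvciscan_amd64.exe` entry repeats the signature block of the entry above it verbatim, including `Type: Catalog`, while the new Resources link is a separate Microsoft download page rather than an in-box component. If the tool is distributed as a standalone download, its signature is more likely embedded than catalog-based, so Subject, Issuer and Type should be confirmed against the actual file before defenders use them to tell the genuine binary from a renamed or tampered one. The entry also gives only a bare file name in `Path` although the file lives under `yml/microsoft/built-in/`; a comment such as `# standalone download, not shipped with Windows; no fixed install location` above the entry would stop rule authors from assuming a system path. The `VulnerableExecutables` list starts outside the hunk, so the earlier entries could not be compared.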