diff --git a/atomics/T1546/T1546.yaml b/atomics/T1546/T1546.yaml
index 9f754cc44d..df0f5ab14b 100644
--- a/atomics/T1546/T1546.yaml
+++ b/atomics/T1546/T1546.yaml
@@ -135,3 +135,16 @@ atomic_tests:
       reg delete "HKLM\Software\Microsoft\Windows\Windows Error Reporting\Hangs" /v Debugger /f
     name: command_prompt
     elevation_required: true
+- name: Persistence using automatic execution of custom DLL during RDP session
+  description: |-
+    When remote desktop session is accepted, the system queries the key it queries the Registry key:HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\TestDVCPlugin.
+    If such key exists, the OS will attempt to read the Path value underneath.Once the Path is read, the DLL that it points to will be loaded via LoadLibrary.
+  supported_platforms:
+  - windows
+  executor:
+    command: |-
+      reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\TestDVCPlugin" /v Path /t REG_SZ /d "C:\Windows\System32\amsi.dll" /f
+    cleanup_command: |-
+      reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\TestDVCPlugin" /f
+    name: command_prompt
+    elevation_required: true
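Review bot: The new test's `description` block is garbled — "the system queries the key it queries the Registry key:" repeats itself and "underneath.Once" is missing a space — and it claims a "custom DLL" is executed while the `command` only writes a `Path` value pointing at the existing system DLL `C:\Windows\System32\amsi.dll`, so what the test actually exercises is the creation of the `Terminal Server\AddIns\TestDVCPlugin` key and its `Path` value, which is the registry-write telemetry a detection for this technique should key on. I would rewrite the two description lines as `When a remote desktop session is accepted, the system queries the Registry key HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\TestDVCPlugin.` and `If the key exists, the OS reads the Path value underneath it and loads the DLL it points to via LoadLibrary; this test only creates the key and Path value, pointing at a built-in system DLL.`. If the DLL path is meant to be swappable, consider exposing it as an `input_arguments` entry referenced from `command` rather than hard-coding it, which is the convention the rest of the file appears to follow for paths. Note also that `cleanup_command` deletes the whole `TestDVCPlugin` key with `/f`, which is fine for the key the test creates but would also remove a pre-existing key of that name; the enclosing `atomic_tests` sequence starts before this hunk.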