diff --git a/rules/windows/file/file_event/file_event_win_create_non_existent_dlls.yml b/rules/windows/file/file_event/file_event_win_create_non_existent_dlls.yml
index ebf54c4c2..76944cc3c 100644
--- a/rules/windows/file/file_event/file_event_win_create_non_existent_dlls.yml
+++ b/rules/windows/file/file_event/file_event_win_create_non_existent_dlls.yml
@@ -11,6 +11,7 @@ references:
     - https://clement.notin.org/blog/2020/09/12/CVE-2020-7315-McAfee-Agent-DLL-injection/
     - https://github.com/Wh04m1001/SysmonEoP
     - https://www.hexacorn.com/blog/2013/12/08/beyond-good-ol-run-key-part-5/
+    - https://github.com/blackarrowsec/redteam-research/tree/master/LPE%20via%20StorSvc
 author: Nasreddine Bencherchali (Nextron Systems)
 date: 2022/12/01
 modified: 2022/12/09
@@ -30,6 +31,7 @@ detection:
             - 'C:\Windows\System32\TSMSISrv.dll'
             - 'C:\Windows\System32\TSVIPSrv.dll'
             - 'C:\Windows\System32\wow64log.dll'
+        TargetFileName|endswith: '\SprintCSP.dll'
     filter:
         Image|startswith: 'C:\Windows\System32\'
     condition: selection and not filter