diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 2f45abe8..22a3d306 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -21752,13 +21752,12 @@ defense-evasion: Invoke-WebRequest "#{url_path}" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\T1027.zip" Expand-Archive -path "PathToAtomicsFolder\..\ExternalPayloads\T1027.zip" -DestinationPath "PathToAtomicsFolder\..\ExternalPayloads\temp_T1027.zip\" -Force executor: - command: '"%temp%\temp_T1027.zip\T1027.exe" + command: '"PathToAtomicsFolder\..\ExternalPayloads\temp_T1027.zip\T1027.exe" ' cleanup_command: | taskkill /f /im calculator.exe >nul 2>nul - rmdir /S /Q %temp%\temp_T1027.zip >nul 2>nul - del /Q "%temp%\T1027.zip" >nul 2>nul + taskkill /f /im CalculatorApp.exe >nul 2>nul name: command_prompt - name: DLP Evasion via Sensitive Data in VBA Macro over email auto_generated_guid: 129edb75-d7b8-42cd-a8ba-1f3db64ec4ad diff --git a/atomics/Indexes/windows-index.yaml b/atomics/Indexes/windows-index.yaml index fa99ba3d..abb45a45 100644 --- a/atomics/Indexes/windows-index.yaml +++ b/atomics/Indexes/windows-index.yaml @@ -18565,13 +18565,12 @@ defense-evasion: Invoke-WebRequest "#{url_path}" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\T1027.zip" Expand-Archive -path "PathToAtomicsFolder\..\ExternalPayloads\T1027.zip" -DestinationPath "PathToAtomicsFolder\..\ExternalPayloads\temp_T1027.zip\" -Force executor: - command: '"%temp%\temp_T1027.zip\T1027.exe" + command: '"PathToAtomicsFolder\..\ExternalPayloads\temp_T1027.zip\T1027.exe" ' cleanup_command: | taskkill /f /im calculator.exe >nul 2>nul - rmdir /S /Q %temp%\temp_T1027.zip >nul 2>nul - del /Q "%temp%\T1027.zip" >nul 2>nul + taskkill /f /im CalculatorApp.exe >nul 2>nul name: command_prompt - name: DLP Evasion via Sensitive Data in VBA Macro over email auto_generated_guid: 129edb75-d7b8-42cd-a8ba-1f3db64ec4ad diff --git a/atomics/T1027/T1027.md b/atomics/T1027/T1027.md index 396d6310..2137d783 100644 
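Review bot: The new cleanup_command in the index.yaml hunk drops the `rmdir`/`del` lines instead of re-pointing them, so after the executor runs `PathToAtomicsFolder\..\ExternalPayloads\temp_T1027.zip\T1027.exe` the extracted payload directory (and the T1027.zip that the context lines show being downloaded there) stay on the test host; the windows-index.yaml hunk on this same line carries the identical change. If the repository's convention is to keep ExternalPayloads between runs, a short comment in the atomic saying so would settle it; otherwise I would add `rmdir /S /Q "PathToAtomicsFolder\..\ExternalPayloads\temp_T1027.zip" >nul 2>nul` after the second taskkill so the packed binary is not left behind for later detection work to trip over. Both Indexes files look generated from the per-technique atomic YAML, which is not in this chunk — if that is the case the same edit belongs there or the next index regeneration will revert it. The enclosing atomic test entry starts and ends outside the hunk.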
--- a/atomics/T1027/T1027.md +++ b/atomics/T1027/T1027.md @@ -196,14 +196,13 @@ Mimic execution of compressed executable. When successfully executed, calculator ```cmd -"%temp%\temp_T1027.zip\T1027.exe" +"PathToAtomicsFolder\..\ExternalPayloads\temp_T1027.zip\T1027.exe" ``` #### Cleanup Commands: ```cmd taskkill /f /im calculator.exe >nul 2>nul -rmdir /S /Q %temp%\temp_T1027.zip >nul 2>nul -del /Q "%temp%\T1027.zip" >nul 2>nul +taskkill /f /im CalculatorApp.exe >nul 2>nul ```