From 09c413e64a57c8ab2ed7eb77bee60ab7e2b9b2ad Mon Sep 17 00:00:00 2001
From: rctgardner <59621072+rctgardner@users.noreply.github.com>
Date: Wed, 9 Jun 2021 13:25:13 -0600
Subject: [PATCH] removed windows test from t1036.005
---
 atomics/T1036.005/T1036.005.yaml | 22 ----------------------
 1 file changed, 22 deletions(-)
diff --git a/atomics/T1036.005/T1036.005.yaml b/atomics/T1036.005/T1036.005.yaml
index 05a1bdd7..4c81dd2d 100644
--- a/atomics/T1036.005/T1036.005.yaml
+++ b/atomics/T1036.005/T1036.005.yaml
@@ -27,25 +27,3 @@ atomic_tests:
 cleanup_command: |
 rm -f $HOME/.../sh
 rmdir $HOME/.../
-
-- name: Execute a process masquerading as a legitimate Windows binary
- description: |
- Create and execute a process masquerading as a legitimate Windows binary
-
- supported_platforms:
- - windows
-
- input_arguments:
- test_message:
- description: Test message to echo out to the screen
- type: String
- default: Hello from the Atomic Red Team test T1036.005#2
-
- executor:
- name: command_prompt
- elevation_required: false
- command: |
- copy %WINDIR%\System32\cmd.exe /Y %PUBLIC%\svchost.exe
- start %PUBLIC%\svchost.exe /C echo "#{test_message}"
- cleanup_command: |
- del %PUBLIC%\svchost.exe >nul 2>&1