From 0b80c61208bb8716cd57a16f1a573518dec775ed Mon Sep 17 00:00:00 2001
From: Atomic Red Team GUID generator
Date: Fri, 29 Jul 2022 15:07:10 +0000
Subject: [PATCH] Generate GUIDs from job=generate-docs branch=master [skip ci]
---
 atomics/T1546.015/T1546.015.yaml | 1 +
 atomics/used_guids.txt | 1 +
 2 files changed, 2 insertions(+)
diff --git a/atomics/T1546.015/T1546.015.yaml b/atomics/T1546.015/T1546.015.yaml
index f962aa48..d938c90c 100644
--- a/atomics/T1546.015/T1546.015.yaml
+++ b/atomics/T1546.015/T1546.015.yaml
@@ -96,6 +96,7 @@ atomic_tests:
 Remove-Item -Path 'HKCU:\SOFTWARE\Classes\CLSID\#{clsid}' -Recurse -ErrorAction Ignore
 name: powershell
 - name: COM hijacking via TreatAs
+ auto_generated_guid: 33eacead-f117-4863-8eb0-5c6304fbfaa9
 description: |-
 This test first create a custom CLSID class pointing to the Windows Script Component runtime DLL. This DLL looks for the ScriptletURL key to get the location of the script to execute.
 Then, it hijacks the CLSID for the Work Folders Logon Synchronization to establish persistence on user logon by creating the 'TreatAs' with the malicious CLSID as default value. The
diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt
index 7c51f4fd..448eadfb 100644
--- a/atomics/used_guids.txt
+++ b/atomics/used_guids.txt
@@ -1097,3 +1097,4 @@ df81db1b-066c-4802-9bc8-b6d030c3ba8e
 ae9b2e3e-efa1-4483-86e2-fae529ab9fb6
 a27418de-bdce-4ebd-b655-38f11142bf0c
 1e40bb1d-195e-401e-a86b-c192f55e005c
+33eacead-f117-4863-8eb0-5c6304fbfaa9