From 1b6204cc230bfb8b210e32e7fa824b96cce77a2a Mon Sep 17 00:00:00 2001
From: CircleCI Atomic Red Team doc generator <email>
Date: Thu, 17 Mar 2022 16:18:52 +0000
Subject: [PATCH] Generate docs from job=generate_and_commit_guids_and_docs
 branch=master [skip ci]

---
 atomics/Indexes/index.yaml | 4 ++--
 atomics/T1112/T1112.md     | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 8754ec81..91e8fe9c 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -31815,8 +31815,8 @@ defense-evasion:
           /v DisableRegistryTools /t REG_DWORD /d 1 /f
 
 '
-        cleanup_command: 'reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\system
-          /v DisableRegistryTools /f >nul 2>&1
+        cleanup_command: 'powershell Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\policies\system"
+          -Name DisableRegistryTools -ErrorAction Ignore
 
 '
         name: command_prompt
diff --git a/atomics/T1112/T1112.md b/atomics/T1112/T1112.md
index 95ff2ab5..e4526dd0 100644
--- a/atomics/T1112/T1112.md
+++ b/atomics/T1112/T1112.md
@@ -406,7 +406,7 @@ reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\sys
 
 #### Cleanup Commands:
 ```cmd
-reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableRegistryTools /f >nul 2>&1
+powershell Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\policies\system" -Name DisableRegistryTools -ErrorAction Ignore
 ```