From 21dc92261d58f62719b9dc2181627edc19cb7e8c Mon Sep 17 00:00:00 2001
From: Atomic Red Team GUID generator
Date: Sat, 2 Jul 2022 02:37:28 +0000
Subject: [PATCH] Generate GUIDs from job=generate-docs branch=master [skip ci]
---
 atomics/T1112/T1112.yaml | 3 +++
 atomics/used_guids.txt | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/atomics/T1112/T1112.yaml b/atomics/T1112/T1112.yaml
index 1d4ccbef..4ba85995 100644
--- a/atomics/T1112/T1112.yaml
+++ b/atomics/T1112/T1112.yaml
@@ -605,6 +605,7 @@ atomic_tests:
 name: command_prompt
 elevation_required: true
 - name: NetWire RAT Registry Key Creation
+ auto_generated_guid: 65704cd4-6e36-4b90-b6c1-dc29a82c8e56
 description: |
 NetWire continues to create its home key (HKCU\SOFTWARE\NetWire) as well as adding it into the auto-run group in the victim’s registry.
 See how NetWire malware - https://app.any.run/tasks/41ecdbde-4997-4301-a350-0270448b4c8f/
@@ -622,6 +623,7 @@ atomic_tests:
 name: command_prompt
 elevation_required: true
 - name: Ursnif Malware Registry Key Creation
+ auto_generated_guid: c375558d-7c25-45e9-bd64-7b23a97c1db0
 description: |
 Ursnif downloads additional modules from the C&C server and saves these in the registry folder HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\
 More information - https://blog.trendmicro.com/trendlabs-security-intelligence/phishing-campaign-uses-hijacked-emails-to-deliver-ursnif-by-replying-to-ongoing-threads/
@@ -636,6 +638,7 @@ atomic_tests:
 name: command_prompt
 elevation_required: true
 - name: Terminal Server Client Connection History Cleared
+ auto_generated_guid: 3448824b-3c35-4a9e-a8f5-f887f68bea21
 description: |
 The built-in Windows Remote Desktop Connection (RDP) client (mstsc.exe) saves the remote computer name (or IP address) and the username that is used to login after each successful connection to the remote computer
 supported_platforms:
diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt
index 7d29770a..bb85bf27 100644
--- a/atomics/used_guids.txt
+++ b/atomics/used_guids.txt
@@ -1076,3 +1076,6 @@ c30dada3-7777-4590-b970-dc890b8cf113
 86677d0e-0b5e-4a2b-b302-454175f9aa9e
 161d694c-b543-4434-85c3-c3a433e33792
 ecca999b-e0c8-40e8-8416-ad320b146a75
+65704cd4-6e36-4b90-b6c1-dc29a82c8e56
+c375558d-7c25-45e9-bd64-7b23a97c1db0
+3448824b-3c35-4a9e-a8f5-f887f68bea21