From 3fb8f3acfa817b45776d5271eae3c61ae5ebb268 Mon Sep 17 00:00:00 2001
From: Carrie Roberts
Date: Fri, 3 Jul 2020 09:53:36 -0600
Subject: [PATCH] remove essentially duplicated test
---
 atomics/T1040/T1040.yaml | 21 ---------------------
 1 file changed, 21 deletions(-)
diff --git a/atomics/T1040/T1040.yaml b/atomics/T1040/T1040.yaml
index 419e537e..aaa93867 100644
--- a/atomics/T1040/T1040.yaml
+++ b/atomics/T1040/T1040.yaml
@@ -75,24 +75,3 @@ atomic_tests:
 c:\windump.exe
 name: command_prompt
 elevation_required: true
-- name: Packet Capture PowerShell
- auto_generated_guid: 2bf62970-013a-4c74-b0a8-64030874e89a
- description: |
- Perform a packet capture using PowerShell with windump or tshark. This will require a host that has Wireshark/Tshark
- installed, along with WinPCAP. Windump will require the windump executable.
-
- Upon successful execution, tshark will spawn from powershell and capture 5 packets on interface Ethernet0.
- supported_platforms:
- - windows
- input_arguments:
- interface:
- description: Specify interface to perform PCAP on.
- type: String
- default: Ethernet0
- executor:
- command: |
- & "c:\Program Files\Wireshark\tshark.exe" -i #{interface} -c 5
- & c:\windump.exe
- name: powershell
- elevation_required: true
-