From 413aa26cacb0e014eae949a8cb69ce23e7ae500b Mon Sep 17 00:00:00 2001
From: san-gwea <57334373+san-gwea@users.noreply.github.com>
Date: Fri, 17 Jan 2020 17:53:50 -0600
Subject: [PATCH] clean up : Added "-ErrorAction Ignore" to remove error for file not created (#777)

* show executor and privilege requirement
* added an atomic to add c2 domain under trusted zoneMap
* corrected typos
* modified adding a domain by creating one the key is not there
* moved registry modification atomic under T1112
* updated local execution file to be current
* corrected typos
* corrected typos
* added suppression for file not found in clean up

Co-authored-by: Carrie Roberts
---
atomics/T1037/T1037.yaml | 10 +++++-----
atomics/T1088/T1088.yaml | 4 ++--
2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/atomics/T1037/T1037.yaml b/atomics/T1037/T1037.yaml
index 7528f038..d1bd9622 100644
--- a/atomics/T1037/T1037.yaml
+++ b/atomics/T1037/T1037.yaml
@@ -28,8 +28,8 @@ atomic_tests:
 REG.exe ADD HKCU\Environment /v UserInitMprLogonScript /t REG_SZ /d "#{script_path}"
 cleanup_command: |
 REG.exe DELETE HKCU\Environment /v UserInitMprLogonScript /f
- del #{script_path}
- del "%USERPROFILE%\desktop\T1037-log.txt"
+ del #{script_path} >nul 2>nul
+ del "%USERPROFILE%\desktop\T1037-log.txt" >nul 2>nul
 - name: Startup Folder Script
 description: |
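Review bot: The new `del #{script_path} >nul 2>nul` line silences every failure of del, not only the missing-file case named in the commit title, so an access-denied failure that leaves the UserInitMprLogonScript target on disk after the registry value has already been deleted goes unreported; the `del "c:\testbypass.exe" >nul 2>nul` line in the last T1088 hunk has the same problem. `#{script_path}` is also the only path in this cleanup block left unquoted, so a value containing spaces is split into several arguments by del. An existence guard keeps the quiet no-op for the not-created case while still surfacing real removal failures: `if exist "#{script_path}" del "#{script_path}"` and `if exist "%USERPROFILE%\desktop\T1037-log.txt" del "%USERPROFILE%\desktop\T1037-log.txt"`. The cleanup_command block is complete in this hunk, but the input_arguments that define script_path are outside it.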
@@ -56,9 +56,9 @@ atomic_tests:
 New-Item "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T1037.bat" -force
 Set-Content "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T1037.bat" "cmd /c #{system_command}"
 cleanup_command: |
- Remove-Item "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\T1037.bat"
- Remove-Item "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T1037.bat"
- Remove-Item "$env:USERPROFILE\desktop\T1037-log.txt"
+ Remove-Item "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\T1037.bat" -ErrorAction Ignore
+ Remove-Item "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T1037.bat" -ErrorAction Ignore
+ Remove-Item "$env:USERPROFILE\desktop\T1037-log.txt" -ErrorAction Ignore
 - name: Scheduled Task Startup Script
 description: |
diff --git a/atomics/T1088/T1088.yaml b/atomics/T1088/T1088.yaml
index da18b9f2..a23156ba 100644
--- a/atomics/T1088/T1088.yaml
+++ b/atomics/T1088/T1088.yaml
@@ -91,7 +91,7 @@ atomic_tests:
 Set-ItemProperty "HKCU:\software\classes\ms-settings\shell\open\command" -Name "(default)" -Value "#{executable_binary}" -Force
 Start-Process "C:\Windows\System32\fodhelper.exe"
 cleanup_command: |
- Remove-Item "HKCU:\software\classes\ms-settings" -force -Recurse
+ Remove-Item "HKCU:\software\classes\ms-settings" -force -Recurse -ErrorAction Ignore
 - name: Bypass UAC using ComputerDefaults - PowerShell
 description: |
@@ -139,4 +139,4 @@ atomic_tests:
 mklink c:\testbypass.exe "\\?\C:\Windows \System32\mmc.exe"
 cleanup_command: |
 rd "\\?\C:\Windows \" /S /Q
- del "c:\testbypass.exe"
+ del "c:\testbypass.exe" >nul 2>nul
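Review bot: `-ErrorAction Ignore` on the three Remove-Item lines discards every error, so a Startup-folder T1037.bat that cannot be removed (for example because of an ACL on the ProgramData path) stays in place as a live persistence artifact while the cleanup reports nothing; the ms-settings key removal in the first T1088 hunk carries the same parameter and the same concern. The commit title only targets the file-not-created case, and a `Test-Path` guard covers exactly that case without hiding other failures: `if (Test-Path "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\T1037.bat") { Remove-Item "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\T1037.bat" }`, and likewise for the other two paths. Whether the executor reports a non-zero cleanup status is not visible here, so if it does not, the guard at least keeps the error text in the console output. The executor_command that creates the .bat starts above this hunk.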
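Review bot: The added line keeps `-force` in lower case while the Set-ItemProperty line two above it in the same test writes `-Force`; PowerShell parameters are case-insensitive, so this is purely a style point, but matching the casing inside one atomic makes the cleanup easier to scan, especially since this Remove-Item deletes the whole hijacked ms-settings key and is the line a reviewer checks most carefully: `Remove-Item "HKCU:\software\classes\ms-settings" -Force -Recurse -ErrorAction Ignore`.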
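Review bot: Only the `del "c:\testbypass.exe"` step of this cleanup block is silenced; the `rd "\\?\C:\Windows \" /S /Q` line directly above it is not, so in the not-created case the commit targets the cleanup still prints an error from rd, and the two steps now behave inconsistently. The rd step is also the one worth watching, because the trailing-space `C:\Windows \` directory is the path the mock mmc.exe was linked into and leaving it behind is a larger residue than a stale symlink. Either both steps get the same not-found handling or, preferably, both are guarded so that a genuine failure to remove either artifact still surfaces, e.g. `if exist "c:\testbypass.exe" del "c:\testbypass.exe"` for the changed line. The executor_command that creates the directory begins above this hunk.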