diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv
index 0fb5f4a6..ed582681 100644
--- a/atomics/Indexes/Indexes-CSV/index.csv
+++ b/atomics/Indexes/Indexes-CSV/index.csv
@@ -209,7 +209,7 @@ defense-evasion,T1036,Masquerading,5,Masquerading - powershell.exe running as ta
 defense-evasion,T1036,Masquerading,6,Masquerading - non-windows exe running as windows exe,bc15c13f-d121-4b1f-8c7d-28d95854d086,powershell
 defense-evasion,T1036,Masquerading,7,Masquerading - windows exe running as different windows exe,c3d24a39-2bfe-4c6a-b064-90cd73896cb0,powershell
 defense-evasion,T1036,Masquerading,8,Malicious process Masquerading as LSM.exe,83810c46-f45e-4485-9ab6-8ed0e9e6ed7f,command_prompt
-defense-evasion,T1036,Masquerading,9,File Extension Masquerading,c7fa0c3b-b57f-4cba-9118-863bf4e653fc,powershell
+defense-evasion,T1036,Masquerading,9,File Extension Masquerading,c7fa0c3b-b57f-4cba-9118-863bf4e653fc,command_prompt
 defense-evasion,T1112,Modify Registry,1,Modify Registry of Current User Profile - cmd,1324796b-d0f6-455a-b4ae-21ffee6aa6b9,command_prompt
 defense-evasion,T1112,Modify Registry,2,Modify Registry of Local Machine - cmd,282f929a-6bc5-42b8-bd93-960c3ba35afe,command_prompt
 defense-evasion,T1112,Modify Registry,3,Modify registry to store logon credentials,c0413fb5-33e2-40b7-9b6f-60b29f4a7a18,command_prompt
diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv
index 10e65082..dcaf0eed 100644
--- a/atomics/Indexes/Indexes-CSV/windows-index.csv
+++ b/atomics/Indexes/Indexes-CSV/windows-index.csv
@@ -75,7 +75,7 @@ defense-evasion,T1036,Masquerading,5,Masquerading - powershell.exe running as ta
 defense-evasion,T1036,Masquerading,6,Masquerading - non-windows exe running as windows exe,bc15c13f-d121-4b1f-8c7d-28d95854d086,powershell
 defense-evasion,T1036,Masquerading,7,Masquerading - windows exe running as different windows exe,c3d24a39-2bfe-4c6a-b064-90cd73896cb0,powershell
 defense-evasion,T1036,Masquerading,8,Malicious process Masquerading as LSM.exe,83810c46-f45e-4485-9ab6-8ed0e9e6ed7f,command_prompt
-defense-evasion,T1036,Masquerading,9,File Extension Masquerading,c7fa0c3b-b57f-4cba-9118-863bf4e653fc,powershell
+defense-evasion,T1036,Masquerading,9,File Extension Masquerading,c7fa0c3b-b57f-4cba-9118-863bf4e653fc,command_prompt
 defense-evasion,T1112,Modify Registry,1,Modify Registry of Current User Profile - cmd,1324796b-d0f6-455a-b4ae-21ffee6aa6b9,command_prompt
 defense-evasion,T1112,Modify Registry,2,Modify Registry of Local Machine - cmd,282f929a-6bc5-42b8-bd93-960c3ba35afe,command_prompt
 defense-evasion,T1112,Modify Registry,3,Modify registry to store logon credentials,c0413fb5-33e2-40b7-9b6f-60b29f4a7a18,command_prompt
diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 52a92015..fc784065 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -12657,37 +12657,37 @@ defense-evasion: type: path default: PathToAtomicsFolder\T1036\src\T1036_masquerading.ps1 executor: - name: powershell + name: command_prompt elevation_required: false command: | - Copy-Item #{exe_path} -Destination $env:TEMP\T1036_masquerading.docx.exe -Force - Copy-Item #{exe_path} -Destination $env:TEMP\T1036_masquerading.pdf.exe -Force - Copy-Item #{exe_path} -Destination $env:TEMP\T1036_masquerading.ps1.exe -Force - Copy-Item #{vbs_path} -Destination $env:TEMP\T1036_masquerading.xls.vbs -Force - Copy-Item #{vbs_path} -Destination $env:TEMP\T1036_masquerading.xlsx.vbs -Force - Copy-Item #{vbs_path} -Destination $env:TEMP\T1036_masquerading.png.vbs -Force - Copy-Item #{ps1_path} -Destination $env:TEMP\T1036_masquerading.vbs.ps1 -Force - Copy-Item #{ps1_path} -Destination $env:TEMP\T1036_masquerading.exe.ps1 -Force - Copy-Item #{ps1_path} -Destination $env:TEMP\T1036_masquerading.js.ps1 -Force - Invoke-Expression $env:TEMP\T1036_masquerading.docx.exe - Invoke-Expression $env:TEMP\T1036_masquerading.pdf.exe - Invoke-Expression $env:TEMP\T1036_masquerading.ps1.exe - Invoke-Expression $env:TEMP\T1036_masquerading.xls.vbs - Invoke-Expression $env:TEMP\T1036_masquerading.xlsx.vbs - Invoke-Expression $env:TEMP\T1036_masquerading.png.vbs - Invoke-Expression $env:TEMP\T1036_masquerading.vbs.ps1 - Invoke-Expression $env:TEMP\T1036_masquerading.exe.ps1 - Invoke-Expression $env:TEMP\T1036_masquerading.js.ps1 + copy #{exe_path} %temp%\T1036_masquerading.docx.exe /Y + copy #{exe_path} %temp%\T1036_masquerading.pdf.exe /Y + copy #{exe_path} %temp%\T1036_masquerading.ps1.exe /Y + copy #{vbs_path} %temp%\T1036_masquerading.xls.vbs /Y + copy #{vbs_path} %temp%\T1036_masquerading.xlsx.vbs /Y + copy #{vbs_path} %temp%\T1036_masquerading.png.vbs /Y + copy #{ps1_path} %temp%\T1036_masquerading.doc.ps1 /Y + copy #{ps1_path} %temp%\T1036_masquerading.pdf.ps1 /Y + copy #{ps1_path} %temp%\T1036_masquerading.rtf.ps1 /Y + %temp%\T1036_masquerading.docx.exe + 
%temp%\T1036_masquerading.pdf.exe + %temp%\T1036_masquerading.ps1.exe + %temp%\T1036_masquerading.xls.vbs + %temp%\T1036_masquerading.xlsx.vbs + %temp%\T1036_masquerading.png.vbs + C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File %temp%\T1036_masquerading.doc.ps1 + C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File %temp%\T1036_masquerading.pdf.ps1 + C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File %temp%\T1036_masquerading.rtf.ps1 cleanup_command: | - Remove-Item $env:TEMP\T1036_masquerading.docx.exe -Force -ErrorAction Ignore | Out-Null - Remove-Item $env:TEMP\T1036_masquerading.pdf.exe -Force -ErrorAction Ignore | Out-Null - Remove-Item $env:TEMP\T1036_masquerading.ps1.exe -Force -ErrorAction Ignore | Out-Null - Remove-Item $env:TEMP\T1036_masquerading.xls.vbs -Force -ErrorAction Ignore | Out-Null - Remove-Item $env:TEMP\T1036_masquerading.xlsx.vbs -Force -ErrorAction Ignore | Out-Null - Remove-Item $env:TEMP\T1036_masquerading.png.vbs -Force -ErrorAction Ignore | Out-Null - Remove-Item $env:TEMP\T1036_masquerading.vbs.ps1 -Force -ErrorAction Ignore | Out-Null - Remove-Item $env:TEMP\T1036_masquerading.exe.ps1 -Force -ErrorAction Ignore | Out-Null - Remove-Item $env:TEMP\T1036_masquerading.js.ps1 -Force -ErrorAction Ignore | Out-Null + del /f %temp%\T1036_masquerading.docx.exe > nul 2>&1 + del /f %temp%\T1036_masquerading.pdf.exe > nul 2>&1 + del /f %temp%\T1036_masquerading.ps1.exe > nul 2>&1 + del /f %temp%\T1036_masquerading.xls.vbs > nul 2>&1 + del /f %temp%\T1036_masquerading.xlsx.vbs > nul 2>&1 + del /f %temp%\T1036_masquerading.png.vbs > nul 2>&1 + del /f %temp%\T1036_masquerading.doc.ps1 > nul 2>&1 + del /f %temp%\T1036_masquerading.pdf.ps1 > nul 2>&1 + del /f %temp%\T1036_masquerading.rtf.ps1 > nul 2>&1 T1112: technique: x_mitre_data_sources: diff --git a/atomics/T1036/T1036.md b/atomics/T1036/T1036.md index 3497b971..2982e7ba 100644 --- a/atomics/T1036/T1036.md +++ b/atomics/T1036/T1036.md 
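Review bot: The three `-File` launch lines in the new `command:` block hard-code `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe`, which breaks on hosts whose system drive or Windows directory is not the default; the portable form is `%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -File %temp%\T1036_masquerading.doc.ps1` (and likewise for the `.pdf.ps1` and `.rtf.ps1` lines). The same lines appear in the T1036.md hunk below, so both need the change. Both files look like generated index/documentation copies of the atomic, and the source YAML under atomics/T1036 is not in this diff, so the fix presumably belongs there with the indexes regenerated rather than hand-edited. Note also that cmd continues past a failing line, so a launch that is refused (for example by a changed file association) still leaves the test reporting success; if failures should be visible, check `%errorlevel%` after each launch. The atomic's definition (its `name`/`description` keys) starts above this hunk, so the enclosing block begins outside it.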
@@ -330,41 +330,41 @@ e.g SOME_LEGIT_NAME.[doc,docx,xls,xlsx,pdf,rtf,png,jpg,etc.].[exe,vbs,js,ps1,etc | ps1_path | path of powershell script to use when creating masquerading files | path | PathToAtomicsFolder\T1036\src\T1036_masquerading.ps1| -#### Attack Commands: Run with `powershell`! +#### Attack Commands: Run with `command_prompt`! -```powershell -Copy-Item #{exe_path} -Destination $env:TEMP\T1036_masquerading.docx.exe -Force -Copy-Item #{exe_path} -Destination $env:TEMP\T1036_masquerading.pdf.exe -Force -Copy-Item #{exe_path} -Destination $env:TEMP\T1036_masquerading.ps1.exe -Force -Copy-Item #{vbs_path} -Destination $env:TEMP\T1036_masquerading.xls.vbs -Force -Copy-Item #{vbs_path} -Destination $env:TEMP\T1036_masquerading.xlsx.vbs -Force -Copy-Item #{vbs_path} -Destination $env:TEMP\T1036_masquerading.png.vbs -Force -Copy-Item #{ps1_path} -Destination $env:TEMP\T1036_masquerading.vbs.ps1 -Force -Copy-Item #{ps1_path} -Destination $env:TEMP\T1036_masquerading.exe.ps1 -Force -Copy-Item #{ps1_path} -Destination $env:TEMP\T1036_masquerading.js.ps1 -Force -Invoke-Expression $env:TEMP\T1036_masquerading.docx.exe -Invoke-Expression $env:TEMP\T1036_masquerading.pdf.exe -Invoke-Expression $env:TEMP\T1036_masquerading.ps1.exe -Invoke-Expression $env:TEMP\T1036_masquerading.xls.vbs -Invoke-Expression $env:TEMP\T1036_masquerading.xlsx.vbs -Invoke-Expression $env:TEMP\T1036_masquerading.png.vbs -Invoke-Expression $env:TEMP\T1036_masquerading.vbs.ps1 -Invoke-Expression $env:TEMP\T1036_masquerading.exe.ps1 -Invoke-Expression $env:TEMP\T1036_masquerading.js.ps1 +```cmd +copy #{exe_path} %temp%\T1036_masquerading.docx.exe /Y +copy #{exe_path} %temp%\T1036_masquerading.pdf.exe /Y +copy #{exe_path} %temp%\T1036_masquerading.ps1.exe /Y +copy #{vbs_path} %temp%\T1036_masquerading.xls.vbs /Y +copy #{vbs_path} %temp%\T1036_masquerading.xlsx.vbs /Y +copy #{vbs_path} %temp%\T1036_masquerading.png.vbs /Y +copy #{ps1_path} %temp%\T1036_masquerading.doc.ps1 /Y +copy #{ps1_path} 
%temp%\T1036_masquerading.pdf.ps1 /Y +copy #{ps1_path} %temp%\T1036_masquerading.rtf.ps1 /Y +%temp%\T1036_masquerading.docx.exe +%temp%\T1036_masquerading.pdf.exe +%temp%\T1036_masquerading.ps1.exe +%temp%\T1036_masquerading.xls.vbs +%temp%\T1036_masquerading.xlsx.vbs +%temp%\T1036_masquerading.png.vbs +C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File %temp%\T1036_masquerading.doc.ps1 +C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File %temp%\T1036_masquerading.pdf.ps1 +C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File %temp%\T1036_masquerading.rtf.ps1 ``` #### Cleanup Commands: -```powershell -Remove-Item $env:TEMP\T1036_masquerading.docx.exe -Force -ErrorAction Ignore | Out-Null -Remove-Item $env:TEMP\T1036_masquerading.pdf.exe -Force -ErrorAction Ignore | Out-Null -Remove-Item $env:TEMP\T1036_masquerading.ps1.exe -Force -ErrorAction Ignore | Out-Null -Remove-Item $env:TEMP\T1036_masquerading.xls.vbs -Force -ErrorAction Ignore | Out-Null -Remove-Item $env:TEMP\T1036_masquerading.xlsx.vbs -Force -ErrorAction Ignore | Out-Null -Remove-Item $env:TEMP\T1036_masquerading.png.vbs -Force -ErrorAction Ignore | Out-Null -Remove-Item $env:TEMP\T1036_masquerading.vbs.ps1 -Force -ErrorAction Ignore | Out-Null -Remove-Item $env:TEMP\T1036_masquerading.exe.ps1 -Force -ErrorAction Ignore | Out-Null -Remove-Item $env:TEMP\T1036_masquerading.js.ps1 -Force -ErrorAction Ignore | Out-Null +```cmd +del /f %temp%\T1036_masquerading.docx.exe > nul 2>&1 +del /f %temp%\T1036_masquerading.pdf.exe > nul 2>&1 +del /f %temp%\T1036_masquerading.ps1.exe > nul 2>&1 +del /f %temp%\T1036_masquerading.xls.vbs > nul 2>&1 +del /f %temp%\T1036_masquerading.xlsx.vbs > nul 2>&1 +del /f %temp%\T1036_masquerading.png.vbs > nul 2>&1 +del /f %temp%\T1036_masquerading.doc.ps1 > nul 2>&1 +del /f %temp%\T1036_masquerading.pdf.ps1 > nul 2>&1 +del /f %temp%\T1036_masquerading.rtf.ps1 > nul 2>&1 ```