From 532f4dc8828eb9c38b54fed10d8a6aab65b3702a Mon Sep 17 00:00:00 2001
From: CircleCI Atomic Red Team doc generator <email>
Date: Wed, 16 Jun 2021 20:28:57 +0000
Subject: [PATCH] Generate docs from job=generate_and_commit_guids_and_docs
 branch=master [skip ci]

---
 atomics/Indexes/index.yaml     | 5 +++--
 atomics/T1566.001/T1566.001.md | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 55705447..d83f2365 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -68098,6 +68098,7 @@ initial-access:
       description: |
         The macro-enabled Excel file contains VBScript which opens your default web browser and opens it to [google.com](http://google.com).
         The below will successfully download the macro-enabled Excel file to the current location.
+        File is downloaded to the %temp% folder.
       supported_platforms:
       - windows
       executor:
@@ -68106,13 +68107,13 @@ initial-access:
             return 'Please install Microsoft Excel before running this test.'
           }
           else{
-            $url = 'https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/bin/PhishingAttachment.xlsm'
+            $url = 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1566.001/bin/PhishingAttachment.xlsm'
             $fileName = 'PhishingAttachment.xlsm'
             New-Item -Type File -Force -Path $fileName | out-null
             $wc = New-Object System.Net.WebClient
             $wc.Encoding = [System.Text.Encoding]::UTF8
             [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-            ($wc.DownloadString("$url")) | Out-File $fileName
+            Invoke-WebRequest -Uri $url -OutFile $fileName
           }
         name: powershell
     - name: Word spawned a command shell and used an IP address in the command line
diff --git a/atomics/T1566.001/T1566.001.md b/atomics/T1566.001/T1566.001.md
index a29d97dd..08745edd 100644
--- a/atomics/T1566.001/T1566.001.md
+++ b/atomics/T1566.001/T1566.001.md
@@ -16,6 +16,7 @@ There are many options for the attachment such as Microsoft Office documents, ex
 ## Atomic Test #1 - Download Phishing Attachment - VBScript
 The macro-enabled Excel file contains VBScript which opens your default web browser and opens it to [google.com](http://google.com).
 The below will successfully download the macro-enabled Excel file to the current location.
+File is downloaded to the %temp% folder.
 
 **Supported Platforms:** Windows
 
@@ -31,13 +32,13 @@ if (-not(Test-Path HKLM:SOFTWARE\Classes\Excel.Application)){
   return 'Please install Microsoft Excel before running this test.'
 }
 else{
-  $url = 'https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/bin/PhishingAttachment.xlsm'
+  $url = 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1566.001/bin/PhishingAttachment.xlsm'
   $fileName = 'PhishingAttachment.xlsm'
   New-Item -Type File -Force -Path $fileName | out-null
   $wc = New-Object System.Net.WebClient
   $wc.Encoding = [System.Text.Encoding]::UTF8
   [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-  ($wc.DownloadString("$url")) | Out-File $fileName
+  Invoke-WebRequest -Uri $url -OutFile $fileName
 }
 ```