diff --git a/atomics/T1038/T1038.md b/atomics/T1038/T1038.md
index 8a0bde0c..c621811a 100644
--- a/atomics/T1038/T1038.md
+++ b/atomics/T1038/T1038.md
@@ -29,7 +29,7 @@ https://enigma0x3.net/2017/07/19/bypassing-amsi-via-com-server-hijacking/
 ```
 copy %windir%\System32\windowspowershell\v1.0\powershell.exe %APPDATA%\updater.exe
 copy %windir%\System32\amsi.dll %APPDATA%\amsi.dll
-cmd.exe /c %APPDATA%\updater.exe
+cmd.exe /k %APPDATA%\updater.exe
 ```
diff --git a/atomics/index.yaml b/atomics/index.yaml
index 222d91c6..4e0b268b 100644
--- a/atomics/index.yaml
+++ b/atomics/index.yaml
@@ -1385,10 +1385,10 @@ persistence:
 executor:
 name: command_prompt
 elevation_required: false
- command: |-
+ command: |
 copy %windir%\System32\windowspowershell\v1.0\powershell.exe %APPDATA%\updater.exe
 copy %windir%\System32\amsi.dll %APPDATA%\amsi.dll
- cmd.exe /c %APPDATA%\updater.exe
+ cmd.exe /k %APPDATA%\updater.exe
 T1158:
 technique:
 external_references:
@@ -5823,10 +5823,10 @@ defense-evasion:
 executor:
 name: command_prompt
 elevation_required: false
- command: |-
+ command: |
 copy %windir%\System32\windowspowershell\v1.0\powershell.exe %APPDATA%\updater.exe
 copy %windir%\System32\amsi.dll %APPDATA%\amsi.dll
- cmd.exe /c %APPDATA%\updater.exe
+ cmd.exe /k %APPDATA%\updater.exe
 T1140:
 technique:
 external_references:
@@ -11329,10 +11329,10 @@ privilege-escalation:
 executor:
 name: command_prompt
 elevation_required: false
- command: |-
+ command: |
 copy %windir%\System32\windowspowershell\v1.0\powershell.exe %APPDATA%\updater.exe
 copy %windir%\System32\amsi.dll %APPDATA%\amsi.dll
- cmd.exe /c %APPDATA%\updater.exe
+ cmd.exe /k %APPDATA%\updater.exe
 T1179:
 technique:
 external_references:
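Review bot: `cmd.exe /k %APPDATA%\updater.exe` keeps the spawned cmd.exe resident after updater.exe exits, so an automated runner that waits for the command_prompt executor to return will block on this test; the same line changes in the hunks at 5823 and 11329, and nothing in the commit says why `/c` was dropped. If an interactive shell is the intent, record it beside the command, e.g. `# /k leaves cmd.exe open after the copied powershell.exe exits; run this test interactively`, otherwise `/c` should be restored. The switch from `|-` to `|` also appends a trailing newline to the command scalar in all three places, which cmd tolerates but which is likewise unexplained. Because index.yaml appears to be an aggregate (the identical test is listed under persistence, defense-evasion and privilege-escalation), the edit probably belongs in whatever per-technique definition this index is built from, which the commit does not touch, so a regeneration would revert it. For defenders reading the test, the observable worth noting in its description is a renamed powershell.exe running from %APPDATA% and loading amsi.dll from that same directory rather than from System32.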