From 717f5941fdb46392aaa284c1931b2f08f3f11950 Mon Sep 17 00:00:00 2001 From: Atomic Red Team GUID generator Date: Wed, 8 Nov 2023 00:28:55 +0000 Subject: [PATCH] Generate GUIDs from job=generate-docs branch=master [skip ci] --- atomics/T1053.005/T1053.005.yaml | 1 + atomics/used_guids.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/atomics/T1053.005/T1053.005.yaml b/atomics/T1053.005/T1053.005.yaml index f083a291..027f912c 100644 --- a/atomics/T1053.005/T1053.005.yaml +++ b/atomics/T1053.005/T1053.005.yaml @@ -231,6 +231,7 @@ atomic_tests: cleanup_command: | Unregister-ScheduledTask -TaskName "AtomicTaskModifed" -confirm:$false >$null 2>&1 - name: Scheduled Task ("Ghost Task") via Registry Key Manipulation + auto_generated_guid: 704333ca-cc12-4bcf-9916-101844881f54 description: | Create a scheduled task through manipulation of registry keys. This procedure is implemented using the [GhostTask](https://github.com/netero1010/GhostTask) utility. By manipulating registry keys under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree, the tool creates user-specified scheduled tasks without a corresponding Windows Event 4698, which is logged when scheduled tasks are created through conventional means. This requires a download of the GhostTask binary, which must be run as NT Authority\SYSTEM. Upon successful execution of this test, a scheduled task will be set to run at logon which launches notepad.exe or runs a user-specified command. diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt index 929f6480..0917257b 100644 --- a/atomics/used_guids.txt +++ b/atomics/used_guids.txt @@ -1495,3 +1495,4 @@ f7308845-6da8-468e-99f2-4271f2f5bb67 cedaf7e7-28ee-42ab-ba13-456abd35d1bd 6b8ca3ab-5980-4321-80c3-bcd77c8daed8 a9030b20-dd4b-4405-875e-3462c6078fdc +704333ca-cc12-4bcf-9916-101844881f54
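Review bot: in the atomics/T1053.005/T1053.005.yaml hunk, the description of the "Ghost Task" test says the task is created without a Windows Event 4698, but it does not tell whoever runs the test what telemetry to look for instead. Since the description already names HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree as the location being modified, consider adding one sentence saying that writes under that key are the expected observable, so the test can be used to validate detection coverage. Separately, the context line for the preceding test's cleanup uses the task name "AtomicTaskModifed"; confirm that this spelling matches the name used when that task is created, otherwise the Unregister-ScheduledTask call would fail silently because its output is redirected to $null.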
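Review bot: in the atomics/used_guids.txt hunk, the appended value 704333ca-cc12-4bcf-9916-101844881f54 matches the auto_generated_guid added to T1053.005.yaml, but the commit is marked [skip ci], so nothing in this change shows that the value was checked for uniqueness against the existing entries. Suggest that the generator job fail when the new GUID already appears in used_guids.txt, and that it verify each GUID in the file is referenced by exactly one atomic test.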