From 7d663aee1b9d804a97165f7f4e9f92083c1d3de9 Mon Sep 17 00:00:00 2001
From: Atomic Red Team doc generator <opensource@redcanary.com>
Date: Mon, 22 Aug 2022 14:53:14 +0000
Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip]

---
 atomics/Indexes/index.yaml     | 3 ---
 atomics/T1574.008/T1574.008.md | 1 -
 2 files changed, 4 deletions(-)

diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 340b4842..38610324 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -10937,7 +10937,6 @@ defense-evasion:
       executor:
         command: |
           C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:"$env:localappdata\Microsoft\WindowsApps\Get-Variable.exe" "PathToAtomicsFolder\T1574.008\bin\calc.cs"
-          Copy-Item "PathToAtomicsFolder\T1574.008\bin\Calc.exe" -Destination "$env:localappdata\Microsoft\WindowsApps\Get-Variable.exe"
           Powershell -noprofile
         cleanup_command: |
           Remove-Item "$env:localappdata\Microsoft\WindowsApps\Get-Variable.exe" -ErrorAction Ignore
@@ -31995,7 +31994,6 @@ privilege-escalation:
       executor:
         command: |
           C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:"$env:localappdata\Microsoft\WindowsApps\Get-Variable.exe" "PathToAtomicsFolder\T1574.008\bin\calc.cs"
-          Copy-Item "PathToAtomicsFolder\T1574.008\bin\Calc.exe" -Destination "$env:localappdata\Microsoft\WindowsApps\Get-Variable.exe"
           Powershell -noprofile
         cleanup_command: |
           Remove-Item "$env:localappdata\Microsoft\WindowsApps\Get-Variable.exe" -ErrorAction Ignore
@@ -52866,7 +52864,6 @@ persistence:
       executor:
         command: |
           C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:"$env:localappdata\Microsoft\WindowsApps\Get-Variable.exe" "PathToAtomicsFolder\T1574.008\bin\calc.cs"
-          Copy-Item "PathToAtomicsFolder\T1574.008\bin\Calc.exe" -Destination "$env:localappdata\Microsoft\WindowsApps\Get-Variable.exe"
           Powershell -noprofile
         cleanup_command: |
           Remove-Item "$env:localappdata\Microsoft\WindowsApps\Get-Variable.exe" -ErrorAction Ignore
diff --git a/atomics/T1574.008/T1574.008.md b/atomics/T1574.008/T1574.008.md
index 76d69e8d..a37d5185 100644
--- a/atomics/T1574.008/T1574.008.md
+++ b/atomics/T1574.008/T1574.008.md
@@ -35,7 +35,6 @@ https://blog.malwarebytes.com/threat-intelligence/2022/04/colibri-loader-combine
 
 ```powershell
 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:"$env:localappdata\Microsoft\WindowsApps\Get-Variable.exe" "PathToAtomicsFolder\T1574.008\bin\calc.cs"
-Copy-Item "PathToAtomicsFolder\T1574.008\bin\Calc.exe" -Destination "$env:localappdata\Microsoft\WindowsApps\Get-Variable.exe"
 Powershell -noprofile
 ```