diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index f1f07666..063d1cec 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -2049,8 +2049,9 @@ defense-evasion:
 $bytes = [System.Convert]::FromBase64String($encodedString)
 $decodedString = [System.Text.Encoding]::UTF8.GetString($bytes)
 #write the decoded eicar string to file
- $decodedString | Out-File T1027.013_decodedEicar.txt
- cleanup_command: Just delete the resulting T1027.013_decodedEicar.txt file.
+ $decodedString | Out-File $env:temp\T1027.013_decodedEicar.txt
+ cleanup_command: Remove-Item $env:temp\T1027.013_decodedEicar.txt -Force -ErrorAction
+ Ignore
 name: powershell
 elevation_required: false
 - name: Decrypt Eicar File and Write to File
@@ -2068,8 +2069,9 @@ defense-evasion:
 $decrypt = ConvertTo-SecureString -String $encryptedString -Key $key
 $decryptedString = [Runtime.InteropServices.Marshal]::PtrToStringBSTR([Runtime.InteropServices.Marshal]::SecureStringToBSTR($decrypt))
 #Write the decrypted eicar string to a file
- $decryptedString | out-file T1027.013_decryptedEicar.txt
- cleanup_command: Just delete the resulting T1027.013_decryptedEicar.txt file.
+ $decryptedString | Out-File $env:temp\T1027.013_decryptedEicar.txt
+ cleanup_command: Remove-Item $env:temp\T1027.013_decryptedEicar.txt -Force
+ -ErrorAction Ignore
 name: powershell
 elevation_required: false
 - name: Password-Protected ZIP Payload Extraction and Execution
diff --git a/atomics/Indexes/linux-index.yaml b/atomics/Indexes/linux-index.yaml
index f9cc0bae..c1f6ae5d 100644
--- a/atomics/Indexes/linux-index.yaml
+++ b/atomics/Indexes/linux-index.yaml
@@ -1530,8 +1530,9 @@ defense-evasion:
 $bytes = [System.Convert]::FromBase64String($encodedString)
 $decodedString = [System.Text.Encoding]::UTF8.GetString($bytes)
 #write the decoded eicar string to file
- $decodedString | Out-File T1027.013_decodedEicar.txt
- cleanup_command: Just delete the resulting T1027.013_decodedEicar.txt file.
+ $decodedString | Out-File $env:temp\T1027.013_decodedEicar.txt
+ cleanup_command: Remove-Item $env:temp\T1027.013_decodedEicar.txt -Force -ErrorAction
+ Ignore
 name: powershell
 elevation_required: false
 - name: Decrypt Eicar File and Write to File
@@ -1549,8 +1550,9 @@ defense-evasion:
 $decrypt = ConvertTo-SecureString -String $encryptedString -Key $key
 $decryptedString = [Runtime.InteropServices.Marshal]::PtrToStringBSTR([Runtime.InteropServices.Marshal]::SecureStringToBSTR($decrypt))
 #Write the decrypted eicar string to a file
- $decryptedString | out-file T1027.013_decryptedEicar.txt
- cleanup_command: Just delete the resulting T1027.013_decryptedEicar.txt file.
+ $decryptedString | Out-File $env:temp\T1027.013_decryptedEicar.txt
+ cleanup_command: Remove-Item $env:temp\T1027.013_decryptedEicar.txt -Force
+ -ErrorAction Ignore
 name: powershell
 elevation_required: false
 - name: Password-Protected ZIP Payload Extraction and Execution
diff --git a/atomics/Indexes/macos-index.yaml b/atomics/Indexes/macos-index.yaml
index 8f5bf427..978dda2d 100644
--- a/atomics/Indexes/macos-index.yaml
+++ b/atomics/Indexes/macos-index.yaml
@@ -1329,8 +1329,9 @@ defense-evasion:
 $bytes = [System.Convert]::FromBase64String($encodedString)
 $decodedString = [System.Text.Encoding]::UTF8.GetString($bytes)
 #write the decoded eicar string to file
- $decodedString | Out-File T1027.013_decodedEicar.txt
- cleanup_command: Just delete the resulting T1027.013_decodedEicar.txt file.
+ $decodedString | Out-File $env:temp\T1027.013_decodedEicar.txt
+ cleanup_command: Remove-Item $env:temp\T1027.013_decodedEicar.txt -Force -ErrorAction
+ Ignore
 name: powershell
 elevation_required: false
 - name: Decrypt Eicar File and Write to File
@@ -1348,8 +1349,9 @@ defense-evasion:
 $decrypt = ConvertTo-SecureString -String $encryptedString -Key $key
 $decryptedString = [Runtime.InteropServices.Marshal]::PtrToStringBSTR([Runtime.InteropServices.Marshal]::SecureStringToBSTR($decrypt))
 #Write the decrypted eicar string to a file
- $decryptedString | out-file T1027.013_decryptedEicar.txt
- cleanup_command: Just delete the resulting T1027.013_decryptedEicar.txt file.
+ $decryptedString | Out-File $env:temp\T1027.013_decryptedEicar.txt
+ cleanup_command: Remove-Item $env:temp\T1027.013_decryptedEicar.txt -Force
+ -ErrorAction Ignore
 name: powershell
 elevation_required: false
 - name: Password-Protected ZIP Payload Extraction and Execution
diff --git a/atomics/Indexes/windows-index.yaml b/atomics/Indexes/windows-index.yaml
index 595540ff..8042ae41 100644
--- a/atomics/Indexes/windows-index.yaml
+++ b/atomics/Indexes/windows-index.yaml
@@ -1524,8 +1524,9 @@ defense-evasion:
 $bytes = [System.Convert]::FromBase64String($encodedString)
 $decodedString = [System.Text.Encoding]::UTF8.GetString($bytes)
 #write the decoded eicar string to file
- $decodedString | Out-File T1027.013_decodedEicar.txt
- cleanup_command: Just delete the resulting T1027.013_decodedEicar.txt file.
+ $decodedString | Out-File $env:temp\T1027.013_decodedEicar.txt
+ cleanup_command: Remove-Item $env:temp\T1027.013_decodedEicar.txt -Force -ErrorAction
+ Ignore
 name: powershell
 elevation_required: false
 - name: Decrypt Eicar File and Write to File
@@ -1543,8 +1544,9 @@ defense-evasion:
 $decrypt = ConvertTo-SecureString -String $encryptedString -Key $key
 $decryptedString = [Runtime.InteropServices.Marshal]::PtrToStringBSTR([Runtime.InteropServices.Marshal]::SecureStringToBSTR($decrypt))
 #Write the decrypted eicar string to a file
- $decryptedString | out-file T1027.013_decryptedEicar.txt
- cleanup_command: Just delete the resulting T1027.013_decryptedEicar.txt file.
+ $decryptedString | Out-File $env:temp\T1027.013_decryptedEicar.txt
+ cleanup_command: Remove-Item $env:temp\T1027.013_decryptedEicar.txt -Force
+ -ErrorAction Ignore
 name: powershell
 elevation_required: false
 T1014:
diff --git a/atomics/T1027.013/T1027.013.md b/atomics/T1027.013/T1027.013.md
index 3e621433..38ffd391 100644
--- a/atomics/T1027.013/T1027.013.md
+++ b/atomics/T1027.013/T1027.013.md
@@ -35,13 +35,13 @@ $encodedString = "WDVPIVAlQEFQWzRcUFpYNTQoUF4pN0NDKTd9JEVJQ0FSLVNUQU5EQVJELUFOVE $bytes = [System.Convert]::FromBase64String($encodedString) $decodedString = [System.Text.Encoding]::UTF8.GetString($bytes) #write the decoded eicar string to file -$decodedString | Out-File T1027.013_decodedEicar.txt +$decodedString | Out-File $env:temp\T1027.013_decodedEicar.txt ``` #### Cleanup Commands ```powershell -Just delete the resulting T1027.013_decodedEicar.txt file. +Remove-Item $env:temp\T1027.013_decodedEicar.txt -Force -ErrorAction Ignore ``` ### Atomic Test #2: Decrypt Eicar File and Write to File @@ -59,13 +59,13 @@ $key = [byte]1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,2 $decrypt = ConvertTo-SecureString -String $encryptedString -Key $key $decryptedString = [Runtime.InteropServices.Marshal]::PtrToStringBSTR([Runtime.InteropServices.Marshal]::SecureStringToBSTR($decrypt)) #Write the decrypted eicar string to a file -$decryptedString | out-file T1027.013_decryptedEicar.txt +$decryptedString | Out-File $env:temp\T1027.013_decryptedEicar.txt ``` #### Cleanup Commands ```powershell -Just delete the resulting T1027.013_decryptedEicar.txt file. +Remove-Item $env:temp\T1027.013_decryptedEicar.txt -Force -ErrorAction Ignore ``` ### Atomic Test #3: Password-Protected ZIP Payload Extraction and Execution