From 99a21b04d4ff7bd96cf9c1cbd5d231fe35e5f866 Mon Sep 17 00:00:00 2001
From: tlor89 <60741301+tlor89@users.noreply.github.com>
Date: Thu, 22 Sep 2022 20:56:45 -0500
Subject: [PATCH] T1546.003 (#2158)

Co-authored-by: Toua Lor <tlor@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
---
 atomics/T1546.003/T1546.003.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/atomics/T1546.003/T1546.003.yaml b/atomics/T1546.003/T1546.003.yaml
index 63039ee4..4ac3b12a 100644
--- a/atomics/T1546.003/T1546.003.yaml
+++ b/atomics/T1546.003/T1546.003.yaml
@@ -109,6 +109,13 @@ atomic_tests:
       if (Test-Path "#{mofcomp_path}") { exit 0} else { exit 1}
     get_prereq_command: |
       Validate MOFComp.exe is on disk somewhere and update input argument.
+  - description: |
+      MofComp.exe must exist on disk at specified location (#{mof_file})
+    prereq_command: |
+      if (Test-Path "#{mof_file}") { exit 0} else { exit 1}
+    get_prereq_command: |
+      New-Item -Type Directory (split-path #{mof_file}) -ErrorAction ignore | Out-Null
+      Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1546.003/src/T1546.003.mof" -OutFile "#{mof_file}"
   executor:
     command: |
       #{mofcomp_path} #{mof_file}