From a6ec9933965f93ea1be166d59220df25b08a8a1c Mon Sep 17 00:00:00 2001
From: Atomic Red Team doc generator
Date: Thu, 17 Jul 2025 16:52:39 +0000
Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip]
---
 atomics/Indexes/index.yaml | 6 ++++++
 atomics/Indexes/windows-index.yaml | 6 ++++++
 atomics/T1547.001/T1547.001.md | 3 +++
 3 files changed, 15 insertions(+)
diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index adecdf9f..a7ea389f 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -44251,6 +44251,9 @@ privilege-escalation:
 default: C:\Windows\System32\calc.exe
 executor:
 command: |
+ if (!(Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer")){
+ New-Item -ItemType Key -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
+ }
 if (!(Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run")){
 New-Item -ItemType Key -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
 }
@@ -70370,6 +70373,9 @@ persistence:
 default: C:\Windows\System32\calc.exe
 executor:
 command: |
+ if (!(Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer")){
+ New-Item -ItemType Key -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
+ }
 if (!(Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run")){
 New-Item -ItemType Key -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
 }
diff --git a/atomics/Indexes/windows-index.yaml b/atomics/Indexes/windows-index.yaml
index 0349d16c..cf067701 100644
--- a/atomics/Indexes/windows-index.yaml
+++ b/atomics/Indexes/windows-index.yaml
@@ -37032,6 +37032,9 @@ privilege-escalation:
 default: C:\Windows\System32\calc.exe
 executor:
 command: |
+ if (!(Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer")){
+ New-Item -ItemType Key -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
+ }
 if (!(Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run")){
 New-Item -ItemType Key -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
 }
@@ -58828,6 +58831,9 @@ persistence:
 default: C:\Windows\System32\calc.exe
 executor:
 command: |
+ if (!(Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer")){
+ New-Item -ItemType Key -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
+ }
 if (!(Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run")){
 New-Item -ItemType Key -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
 }
diff --git a/atomics/T1547.001/T1547.001.md b/atomics/T1547.001/T1547.001.md
index 81bb207f..084b0fd1 100644
--- a/atomics/T1547.001/T1547.001.md
+++ b/atomics/T1547.001/T1547.001.md
@@ -539,6 +539,9 @@ This test will create a new value under HKEY_CURRENT_USER\Software\Microsoft\Win
 ```powershell
+if (!(Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer")){
+ New-Item -ItemType Key -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
+}
 if (!(Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run")){
 New-Item -ItemType Key -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
 }