From b9ee00896bb3a5590412dbd3fead5f5e83554d42 Mon Sep 17 00:00:00 2001
From: MrOrOneEquals1
Date: Thu, 30 Dec 2021 12:21:38 -0700
Subject: [PATCH] Update T1202.yaml (#1704)
* Update T1202.yaml Update executor for Windows Indirect Command Execution
* Update T1202.yaml
* Update T1202.yaml
Co-authored-by: Carrie Roberts
---
 atomics/T1202/T1202.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/atomics/T1202/T1202.yaml b/atomics/T1202/T1202.yaml
index 8dc2cc20..b3597f6d 100644
--- a/atomics/T1202/T1202.yaml
+++ b/atomics/T1202/T1202.yaml
@@ -27,9 +27,9 @@ atomic_tests:
 auto_generated_guid: 8b34a448-40d9-4fc3-a8c8-4bb286faf7dc
 description: |
 forfiles.exe may invoke the execution of programs and commands from a Command-Line Interface.
- [Reference](https://github.com/api0cradle/LOLBAS/blob/master/OSBinaries/Forfiles.md)
+ [Reference](https://github.com/LOLBAS-Project/LOLBAS/blob/master/yml/OSBinaries/Forfiles.yml)
 "This is basically saying for each occurrence of notepad.exe in c:\windows\system32 run calc.exe"
- Upon execution calc.exe will be opened
+ Upon execution calc.exe will be opened.
 supported_platforms:
 - windows
 input_arguments:
@@ -40,7 +40,6 @@ atomic_tests:
 executor:
 command: |
 forfiles /p c:\windows\system32 /m notepad.exe /c #{process}
- forfiles /p c:\windows\system32 /m notepad.exe /c "c:\folder\normal.dll:evil.exe"
 name: command_prompt
 - name: Indirect Command Execution - conhost.exe
 auto_generated_guid: cf3391e0-b482-4b02-87fc-ca8362269b29
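Review bot: The edited description line in the first hunk (`Upon execution calc.exe will be opened.`) still names calc.exe, while the executor shown in the second hunk runs `#{process}`, so the text is only accurate when that input argument keeps its default (the default itself lies outside the visible hunks, presumably calc.exe). Since the line is being touched anyway, I would word it as `Upon execution the program named by the process input argument will be opened.` so that anyone validating telemetry for this test knows which child process of forfiles.exe to expect. The test definition starts above the hunk and its input_arguments block is cut off between the two hunks.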