diff --git a/atomics/T1547.007/T1547.007.yaml b/atomics/T1547.007/T1547.007.yaml
index 73d0ec28..2d791064 100644
--- a/atomics/T1547.007/T1547.007.yaml
+++ b/atomics/T1547.007/T1547.007.yaml
@@ -1,25 +1,24 @@
 attack_technique: T1547.007
 display_name: 'Boot or Logon Autostart Execution: Re-opened Applications'
 atomic_tests:
-- name: Re-Opened Applications
+- name: Copy in loginwindow.plist for Re-Opened Applications
   auto_generated_guid: 5fefd767-ef54-4ac6-84d3-751ab85e8aba
   description: |
-    Plist Method
-
-    [Reference](https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CustomLogin.html)
+    Copy in new loginwindow.plist to launch Calculator.
   supported_platforms:
   - macos
+  input_arguments:
+    calc_plist_path:
+      description: path to binary plist with entry to open calculator
+      type: Path
+      default: PathToAtomicsFolder/T1547.007/src/reopen_loginwindow_calc.plist
   executor:
-    steps: |
-      1. create a custom plist:
-
-      ~/Library/Preferences/com.apple.loginwindow.plist
-
-      or
-
-      ~/Library/Preferences/ByHost/com.apple.loginwindow.*.plist
-    name: manual
-- name: Re-Opened Applications
+    command: |
+      cp #{calc_plist_path} ~/Library/Preferences/ByHost/com.apple.loginwindow.plist
+    cleanup_command: |
+      rm -f ~/Library/Preferences/ByHost/com.apple.loginwindow.plist
+    name: sh
+- name: Re-Opened Applications using LoginHook
   auto_generated_guid: 5f5b71da-e03f-42e7-ac98-d63f9e0465cb
   description: |
     Mac Defaults
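Review bot: The new `command` copies the plist to `~/Library/Preferences/ByHost/com.apple.loginwindow.plist`, while the ByHost file named by the removed `steps` text and by the third test's `find` is `com.apple.loginwindow.*.plist` (per-host suffix), so the copy may land at a name that is never consulted and the test can report success without exercising what its description claims; either state this limitation in `description` or locate the destination the same way the third test does. The `cleanup_command`'s `rm -f` also deletes whatever was at that path before the test ran, with no backup, whereas the third test saves `/tmp/t1547007_loginwindow-backup.plist` first and restores it — the two tests should handle the user's file the same way. The Apple reference link dropped from the description was the only pointer to the preference's semantics and is worth keeping in the new text.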
@@ -39,3 +38,46 @@ atomic_tests:
       sudo defaults delete com.apple.loginwindow LoginHook
     elevation_required: true
     name: sh
+- name: Append to existing loginwindow for Re-Opened Applications
+  description: |
+    Appends an entry to launch Calculator hidden loginwindow.*.plist for next login.
+    Note that the change may not result in the added Calculator program launching on next user login.
+    It may depend on which version of macOS you are running on.
+  supported_platforms:
+  - macos
+  input_arguments:
+    objc_source_path:
+      description: path to objective C program
+      type: Path
+      default: PathToAtomicsFolder/T1547.007/src/append_reopen_loginwindow.m
+    exe_path:
+      description: path to compiled program
+      type: Path
+      default: /tmp/t1547007_append_exe
+  dependency_executor_name: bash
+  dependencies:
+  - description: |
+      compile C program
+    prereq_command: |
+      if [ -f "#{exe_path}" ]; then exit 0 ; else exit 1; fi
+    get_prereq_command: |
+      cc #{objc_source_path} -o #{exe_path} -framework Cocoa
+  executor:
+    command: |
+      FILE=`find ~/Library/Preferences/ByHost/com.apple.loginwindow.*.plist -type f | head -1`
+      if [ -z "${FILE}" ] ; then echo "No loginwindow plist file found" && exit 1 ; fi
+      echo save backup copy to /tmp/
+      cp ${FILE} /tmp/t1547007_loginwindow-backup.plist
+      echo before
+      plutil -p ${FILE}
+      echo overwriting...
+      #{exe_path} ${FILE} && echo after && plutil -p ${FILE}
+    cleanup_command: |
+      rm -f #{exe_path}
+      # revert to backup copy
+      FILE=`find ~/Library/Preferences/ByHost/com.apple.loginwindow.*.plist -type f | head -1`
+      if [ -z "${FILE}" ] ; then
+        exit 0
+      fi
+      mv /tmp/t1547007_loginwindow-backup.plist ${FILE}
+    name: sh
diff --git a/atomics/T1547.007/src/append_reopen_loginwindow.m b/atomics/T1547.007/src/append_reopen_loginwindow.m
new file mode 100644
index 00000000..b8137e91
--- /dev/null
+++ b/atomics/T1547.007/src/append_reopen_loginwindow.m
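Review bot: `${FILE}` is expanded unquoted in `cp ${FILE} ...`, `plutil -p ${FILE}`, `#{exe_path} ${FILE}` and the cleanup's `mv ... ${FILE}`, so a home directory path containing a space breaks every step after the `find`; quote each use as `"${FILE}"`, as the `-z` test already does. The cleanup's `mv /tmp/t1547007_loginwindow-backup.plist ${FILE}` also runs when the executor exited before the backup was written (no plist found, or the `cp` failed), turning cleanup into an error instead of a no-op; guard it with `[ -f /tmp/t1547007_loginwindow-backup.plist ] && mv ...`. Minor: the dependency description reads `compile C program` and the source is Objective-C, so `compile Objective-C program` describes the step accurately.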
@@ -0,0 +1,43 @@
+#include
+
+#import
+
+int main(int argc, char *argv[])
+{
+    if (2 > argc) {
+        printf("usage: %s \n", argv[0]);
+        return 1;
+    }
+
+    // load
+
+    NSString *path = [NSString stringWithUTF8String: argv[1]];
+    NSDictionary *dict = [[NSMutableDictionary alloc] initWithContentsOfFile:path];
+    if (0 == dict.count) {
+        printf("ERROR: unable read or parse plist at %s\n", argv[1]);
+        return 2;
+    }
+
+    // create a Calculator hidden node
+
+    NSDictionary *node = [[NSMutableDictionary alloc] init];
+    [node setValue: @"com.apple.calculator" forKey: @"BundleID"];
+    [node setValue: @"/System/Applications/Calculator.app" forKey: @"Path"];
+    [node setValue: [NSNumber numberWithInt:2] forKey: @"BackgroundState"];
+    [node setValue: [NSNumber numberWithInt:1] forKey: @"Hide"];
+
+    // append node to end of array
+
+    NSMutableArray *a = [dict objectForKey: @"TALAppsToRelaunchAtLogin"];
+    [a addObject: node];
+
+    // overwrite file
+
+    BOOL status = [dict writeToFile: path atomically: NO];
+    if (NO == status) {
+        printf("Failed to overwrite plist file\n");
+        return 3;
+    }
+
+    return 0;
+}
diff --git a/atomics/T1547.007/src/reopen_loginwindow_calc.plist b/atomics/T1547.007/src/reopen_loginwindow_calc.plist
new file mode 100644
index 00000000..5b66ca83
Binary files /dev/null and b/atomics/T1547.007/src/reopen_loginwindow_calc.plist differ
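Review bot: `[a addObject: node]` cannot append as written: `-[NSMutableDictionary initWithContentsOfFile:]` returns a mutable top-level dictionary whose nested containers are immutable, so the `TALAppsToRelaunchAtLogin` value is an immutable array and the mutating call throws before the file is rewritten, while a plist that lacks the key leaves `a` nil, makes the message a silent no-op, and still exits 0 after rewriting the unchanged file. Take a mutable copy of the array, append to it, store it back under the same key, and fail explicitly when the key is missing; the `NSDictionary *` declarations of `dict` and `node` should also become `NSMutableDictionary *`, since both are mutated and `setObject:forKey:` is not declared on the immutable type. `writeToFile: path atomically: NO` can leave a truncated plist if the process is interrupted mid-write; `atomically: YES` is the safer choice for a file the test later restores from backup, and the error messages belong on stderr (`fprintf(stderr, ...)`) rather than `printf`. As rendered here the `#include`/`#import` lines and the usage string have lost their angle-bracketed text; the committed file is presumably intact, but it is worth confirming the headers and the argument placeholder survived.
```objc
    NSMutableDictionary *dict = [[NSMutableDictionary alloc] initWithContentsOfFile:path];
    // … unchanged: empty-plist check, node construction …

    // append node to end of array; nested containers loaded from the file are immutable,
    // so work on a mutable copy and store it back
    NSArray *existing = [dict objectForKey: @"TALAppsToRelaunchAtLogin"];
    if (nil == existing) {
        fprintf(stderr, "ERROR: plist has no TALAppsToRelaunchAtLogin array\n");
        return 4;
    }
    NSMutableArray *a = [existing mutableCopy];
    [a addObject: node];
    [dict setObject: a forKey: @"TALAppsToRelaunchAtLogin"];

    // overwrite file
    BOOL status = [dict writeToFile: path atomically: YES];
    // … unchanged: status check and return …
```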