diff --git a/atomics/T1003/T1003.md b/atomics/T1003/T1003.md
index 9b80a39e..73bee9d6 100644
--- a/atomics/T1003/T1003.md
+++ b/atomics/T1003/T1003.md
@@ -248,9 +248,9 @@ reg save HKLM\security "#{output_folder}\security"
 #### Cleanup Commands:
 ```
-rm "#{output_folder}\sam"
-rm "#{output_folder}\system"
-rm "#{output_folder}\security"
+del "#{output_folder}\sam" >nul 2> nul
+del "#{output_folder}\system" >nul 2> nul
+del "#{output_folder}\security" >nul 2> nul
 ```
@@ -277,7 +277,7 @@ ProcDump. The tool may be downloaded from https://docs.microsoft.com/en-us/sysin
 #### Cleanup Commands:
 ```
-rm "#{output_file}"
+del "#{output_file}" >nul 2> nul
 ```
@@ -402,9 +402,9 @@ reg save HKLM\SYSTEM #{extract_path}\SYSTEM_HIVE
 #### Cleanup Commands:
 ```
-rm "#{extract_path}\ntds.dit"
-rm "#{extract_path}\VSC_SYSTEM_HIVE"
-rm "#{extract_path}\SYSTEM_HIVE"
+del "#{extract_path}\ntds.dit" >nul 2> nul
+del "#{extract_path}\VSC_SYSTEM_HIVE" >nul 2> nul
+del "#{extract_path}\SYSTEM_HIVE" >nul 2> nul
 ```
diff --git a/atomics/index.yaml b/atomics/index.yaml index ccb71f9b..1f7498a2 100644 --- a/atomics/index.yaml +++ b/atomics/index.yaml @@ -19786,9 +19786,9 @@ credential-access: reg save HKLM\system "#{output_folder}\system" reg save HKLM\security "#{output_folder}\security" cleanup_command: | - rm "#{output_folder}\sam" - rm "#{output_folder}\system" - rm "#{output_folder}\security" + del "#{output_folder}\sam" >nul 2> nul + del "#{output_folder}\system" >nul 2> nul + del "#{output_folder}\security" >nul 2> nul - name: Dump LSASS.exe Memory using ProcDump description: | The memory of lsass.exe is often dumped for offline credential theft attacks. This can be achieved with Sysinternals @@ -19808,7 +19808,7 @@ credential-access: elevation_required: true name: command_prompt command: "#{procdump_binary_path} -accepteula -ma lsass.exe #{output_file}\n" - cleanup_command: 'rm "#{output_file}" + cleanup_command: 'del "#{output_file}" >nul 2> nul ' - name: Dump LSASS.exe Memory using Windows Task Manager @@ -19913,9 +19913,9 @@ credential-access: copy #{vsc_name}\Windows\System32\config\SYSTEM #{extract_path}\VSC_SYSTEM_HIVE reg save HKLM\SYSTEM #{extract_path}\SYSTEM_HIVE cleanup_command: | - rm "#{extract_path}\ntds.dit" - rm "#{extract_path}\VSC_SYSTEM_HIVE" - rm "#{extract_path}\SYSTEM_HIVE" + del "#{extract_path}\ntds.dit" >nul 2> nul + del "#{extract_path}\VSC_SYSTEM_HIVE" >nul 2> nul + del "#{extract_path}\SYSTEM_HIVE" >nul 2> nul - name: GPP Passwords (findstr) description: 'Look for the encrypted cpassword value within Group Policy Preference files on the Domain Controller. This value can be decrypted with gpp-decrypt
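Review bot: The new cleanup lines in all three hunks of this section redirect stderr to nul, so a failed delete (for example access denied, or the dump still held open by the tool that wrote it) is silent and the hive copies, the lsass dump or the ntds.dit extract stay on the test host after the atomic reports cleanup done. Because cmd's `del` does not reliably set ERRORLEVEL on failure, a presence check is the practical way to surface this, e.g. `if exist "#{output_folder}\sam" echo cleanup failed: "#{output_folder}\sam"` after each delete, and the same for `#{output_file}` and the `#{extract_path}` files. The identical commands in the T1003.md hunks above presumably mirror these and would take the same check. If both files are regenerated from the technique's source YAML, which this diff does not touch, the change also needs to land there or the next regeneration will revert it.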