From da83687a17c3e7e50bdc8e5b3c61c68beb8f89cf Mon Sep 17 00:00:00 2001
From: CircleCI Atomic Red Team GUID generator
Date: Sun, 24 Jan 2021 00:53:38 +0000
Subject: [PATCH] Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
---
 atomics/T1490/T1490.yaml | 1 +
 atomics/used_guids.txt | 1 +
 2 files changed, 2 insertions(+)
diff --git a/atomics/T1490/T1490.yaml b/atomics/T1490/T1490.yaml
index aea49d27..3c0facd0 100644
--- a/atomics/T1490/T1490.yaml
+++ b/atomics/T1490/T1490.yaml
@@ -92,6 +92,7 @@ atomic_tests:
 name: command_prompt
 elevation_required: true
 - name: Windows - wbadmin Delete systemstatebackup
+ auto_generated_guid: 584331dd-75bc-4c02-9e0b-17f5fd81c748
 description: |
 Deletes the Windows systemstatebackup using wbadmin.exe. This technique is used by numerous ransomware families. This may only be successful on server platforms that have Windows Backup enabled.
 supported_platforms:
diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt
index 51d3e427..e6789bd3 100644
--- a/atomics/used_guids.txt
+++ b/atomics/used_guids.txt
@@ -654,3 +654,4 @@ a19ee671-ed98-4e9d-b19c-d1954a51585a
 ec3a835e-adca-4c7c-88d2-853b69c11bb9
 6502c8f0-b775-4dbd-9193-1298f56b6781
 ab042179-c0c5-402f-9bc8-42741f5ce359
+584331dd-75bc-4c02-9e0b-17f5fd81c748