From dba79489fb7d5ca9feb6c1fad833a97282286409 Mon Sep 17 00:00:00 2001
From: Mohana Shankar D <48013681+msdlearn@users.noreply.github.com>
Date: Wed, 26 Oct 2022 20:43:05 +0530
Subject: [PATCH] Incomplete Process Termination Process (#2205)
The Notepad process was not terminating after the command execution Line Added: taskkill /im notepad.exe /t /f > NUL 2>&1 The /t option makes sure any child processes are closed as well, and the /f option forcefully terminates the process. The > NUL redirects the stdout to the NUL device (the equivalent of /dev/null) and the 2 >&1 also redirects the stderr to stdout so that nothing is output to the console
---
 atomics/T1546.007/T1546.007.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/atomics/T1546.007/T1546.007.yaml b/atomics/T1546.007/T1546.007.yaml
index 685b2d58..8a8d9b07 100644
--- a/atomics/T1546.007/T1546.007.yaml
+++ b/atomics/T1546.007/T1546.007.yaml
@@ -27,7 +27,8 @@ atomic_tests:
 executor:
 command: |
 netsh.exe add helper #{helper_file}
+ taskkill /im notepad.exe /t /f > NUL 2>&1
 cleanup_command: |
 netsh.exe delete helper #{helper_file}
 name: command_prompt
- elevation_required: true
\ No newline at end of file
+ elevation_required: true
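Review bot: The added `taskkill /im notepad.exe /t /f` line in `command` matches by image name, so from the elevated prompt it force-kills every notepad.exe it can reach, not only the instance the commit message says the test leaves behind; on an analyst workstation that can discard unsaved work. Because it is now the last line of `command` and its output goes to NUL, the step's exit status is presumably taskkill's rather than that of `netsh.exe add helper`, so a failed helper registration could be reported as success (or the reverse when no notepad is running); this is worth confirming against how the runner reads exit codes. I would state the side effect in the test's description, e.g. `Note: this test force-terminates all running notepad.exe processes.`, and consider repeating the kill in `cleanup_command` so cleanup also covers a leftover instance. The `atomic_tests` entry starts outside this hunk, so its description is not visible here.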