From dfd1f9832791979ff3408fa07d8de2b461bcfb6b Mon Sep 17 00:00:00 2001
From: Atomic Red Team GUID generator
Date: Fri, 30 Jun 2023 14:01:26 +0000
Subject: [PATCH] Generate GUIDs from job=generate-docs branch=master [skip ci]

---
 atomics/T1562.001/T1562.001.yaml | 1 +
 atomics/used_guids.txt | 1 +
 2 files changed, 2 insertions(+)

diff --git a/atomics/T1562.001/T1562.001.yaml b/atomics/T1562.001/T1562.001.yaml
index cf54ca53..cfe10abb 100644
--- a/atomics/T1562.001/T1562.001.yaml
+++ b/atomics/T1562.001/T1562.001.yaml
@@ -876,6 +876,7 @@ atomic_tests:
 name: powershell
 elevation_required: true
 - name: AMSI Bypass - Override AMSI via COM
+ auto_generated_guid: 17538258-5699-4ff1-92d1-5ac9b0dc21f5
 description: |
 With administrative rights, an adversary can disable AMSI via registry value in HKCU\Software\Classes\CLSID\{fdb00e52-a214-4aa1-8fba-4357bb0072ec} by overriding the Microsoft Defender COM object for AMSI and points it to a DLL that does not exist.
 This is currently being used by AsyncRAT and others.
diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt
index c3761d2a..e0b0ed98 100644
--- a/atomics/used_guids.txt
+++ b/atomics/used_guids.txt
@@ -1366,3 +1366,4 @@ d58d749c-4450-4975-a9e9-8b1d562755c2
 e43cfdaf-3fb8-4a45-8de0-7eee8741d072
 2a78362e-b79a-4482-8e24-be397bce4d85
 bd85e3d1-4aeb-4a1d-850f-7be3cb8d60b9
+17538258-5699-4ff1-92d1-5ac9b0dc21f5