From e406fe0a0f31c0d21a2e8e89a1354a271bf9147a Mon Sep 17 00:00:00 2001
From: Atomic Red Team doc generator
Date: Thu, 28 Apr 2022 01:16:26 +0000
Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip]
---
 atomics/Indexes/index.yaml | 2 ++
 atomics/T1055.001/T1055.001.md | 1 +
 2 files changed, 3 insertions(+)
diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 944d1009..8814264c 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -14730,6 +14730,7 @@ privilege-escalation:
 command: |
 $mypid = #{process_id}
 mavinject $mypid /INJECTRUNNING #{dll_payload}
+ Stop-Process -processname notepad
 name: powershell
 elevation_required: true
 T1548.004:
@@ -28278,6 +28279,7 @@ defense-evasion:
 command: |
 $mypid = #{process_id}
 mavinject $mypid /INJECTRUNNING #{dll_payload}
+ Stop-Process -processname notepad
 name: powershell
 elevation_required: true
 T1548.004:
diff --git a/atomics/T1055.001/T1055.001.md b/atomics/T1055.001/T1055.001.md
index c014cfde..7da4eb6a 100644
--- a/atomics/T1055.001/T1055.001.md
+++ b/atomics/T1055.001/T1055.001.md
@@ -43,6 +43,7 @@ With default arguments, expect to see a MessageBox, with notepad's icon in taskb
 ```powershell
 $mypid = #{process_id}
 mavinject $mypid /INJECTRUNNING #{dll_payload}
+Stop-Process -processname notepad
 ```