From e413bf26718222a714eb514079a8ecfd63cb1e02 Mon Sep 17 00:00:00 2001
From: CircleCI Atomic Red Team doc generator
Date: Tue, 15 Oct 2019 00:47:34 +0000
Subject: [PATCH] Generate docs from job=validate_atomics_generate_docs branch=master
---
 atomics/T1037/T1037.md | 4 ++++
 atomics/index.yaml | 8 ++++++++
 2 files changed, 12 insertions(+)
diff --git a/atomics/T1037/T1037.md b/atomics/T1037/T1037.md
index d4c29e98..6e168502 100644
--- a/atomics/T1037/T1037.md
+++ b/atomics/T1037/T1037.md
@@ -36,6 +36,10 @@ REG.exe ADD HKCU\Environment /v UserInitMprLogonScript /t REG_MULTI_SZ /d "#{scr
 ```
+#### Cleanup Commands:
+```
+REG.exe DELETE HKCU\Environment /v UserInitMprLogonScript /f
+```

diff --git a/atomics/index.yaml b/atomics/index.yaml index e9e58c53..0eb9f072 100644 --- a/atomics/index.yaml +++ b/atomics/index.yaml @@ -2675,6 +2675,10 @@ persistence: command: 'REG.exe ADD HKCU\Environment /v UserInitMprLogonScript /t REG_MULTI_SZ /d "#{script_command}" +' + cleanup_command: 'REG.exe DELETE HKCU\Environment /v UserInitMprLogonScript + /f + ' - name: Logon Scripts - Mac description: 'Mac logon script @@ -19677,6 +19681,10 @@ lateral-movement: command: 'REG.exe ADD HKCU\Environment /v UserInitMprLogonScript /t REG_MULTI_SZ /d "#{script_command}" +' + cleanup_command: 'REG.exe DELETE HKCU\Environment /v UserInitMprLogonScript + /f + ' - name: Logon Scripts - Mac description: 'Mac logon script