From f48e47d40851eac64e5547616f1eb41529ed6dc2 Mon Sep 17 00:00:00 2001
From: caseysmithrc <30840394+caseysmithrc@users.noreply.github.com>
Date: Sun, 2 Sep 2018 22:26:13 -0600
Subject: [PATCH] updated T1050 ServiceCreate
---
 atomics/T1050/T1050.yaml | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/atomics/T1050/T1050.yaml b/atomics/T1050/T1050.yaml
index 6e9fc2f7..bd6dde46 100644
--- a/atomics/T1050/T1050.yaml
+++ b/atomics/T1050/T1050.yaml
@@ -14,10 +14,18 @@ atomic_tests:
 description: Name of the service binary, include path.
 type: Path
 default: C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe
+ service_name:
+ description: Name of the Service
+ type: String
+ default: AtomicTestService
 executor:
 name: command_prompt
 command: |
- sc.exe create AtomicTestService binPath= #{binary_path}
+ sc.exe create #{service_name} binPath= #{binary_path}
+ sc.exe start #{service_name}
+ sc.exe stop #{service_name}
+ sc.exe delete #{service_name}
+
 - name: Service Installation PowerShell Installs A Local Service using PowerShell
 description: |
@@ -30,7 +38,14 @@ atomic_tests:
 description: Name of the service binary, include path.
 type: Path
 default: C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe
+ service_name:
+ description: Name of the Service
+ type: String
+ default: AtomicTestService
 executor:
 name: powershell
 command: |
- powershell.exe New-Service -Name "AtomicTestService" -BinaryPathName "#{binary_path}"
+ New-Service -Name "#{service_name}" -BinaryPathName "#{binary_path}"
+ Start-Service -Name "#{service_name}"
+ Stop-Service -Name "#{service_name}"
+ (Get-WmiObject Win32_Service -filter "name='#{service_name}'").Delete()
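Review bot: The added `sc.exe start`, `sc.exe stop` and `sc.exe delete` lines run whether or not `sc.exe create` succeeded, so if `#{service_name}` matches a service that already exists on the host, the create fails and the cleanup stops and deletes that pre-existing service. Now that the name is an input, I would guard the block, for example by chaining the steps with `&&` so nothing after a failed create runs (this assumes the executor passes the lines to cmd in sequence). The PowerShell test in the second hunk has the same problem, because a `New-Service` error is non-terminating by default and the following lines still execute. Separately, `binPath= #{binary_path}` is unquoted, so an overridden path containing spaces will be mis-parsed; `binPath= "#{binary_path}"` avoids that. It is also worth a comment in the test description that the service exists only briefly, so detections should key on the creation event rather than on a service that persists.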
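Review bot: On the last added line, `(Get-WmiObject Win32_Service -filter "name='#{service_name}'").Delete()` calls a method on whatever the query returns, so when the service was never created the result is null and the step fails with a null-method error that hides the real cause. I would split it into `$svc = Get-WmiObject Win32_Service -Filter "name='#{service_name}'"` followed by `if ($svc) { $svc.Delete() }`. The name is also interpolated straight into the WQL filter, so a value containing a single quote breaks the query; a short note on the `service_name` argument restricting it to plain service names would cover that. Note too that this cleanup goes through WMI while the command-prompt variant uses `sc.exe delete`, so the two tests leave different cleanup telemetry, which matters if the results are used to validate service-creation detections.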