diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 5a7ef7bf..7844d757 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -18820,6 +18820,7 @@ credential-access:
 prereq_command: |
 try {
 New-Object -COMObject "word.Application" | Out-Null
+ $process = "winword"
 Stop-Process -Name $process
 exit 0
 } catch { exit 1 }
diff --git a/atomics/T1555/T1555.md b/atomics/T1555/T1555.md
index b8edae40..c08e2e0b 100644
--- a/atomics/T1555/T1555.md
+++ b/atomics/T1555/T1555.md
@@ -40,6 +40,7 @@ Remove-Item "$env:TEMP\windows-credentials.txt" -ErrorAction Ignore
 ```powershell
 try {
 New-Object -COMObject "word.Application" | Out-Null
+ $process = "winword"
 Stop-Process -Name $process
 exit 0
 } catch { exit 1 }
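Review bot: `Stop-Process -Name $process` in the prereq check ends every process named winword, not only the instance that `New-Object -COMObject "word.Application"` started, so running the check can close a document that was already open on the host and discard unsaved work. Keeping a reference and closing just that instance avoids the side effect: `$word = New-Object -COMObject "word.Application"` followed by `$word.Quit()`. As written, the `catch` only reflects whether the COM object could be created, since Stop-Process reports a missing process as a non-terminating error; a one-line comment such as `# prereq passes if Word's COM object can be instantiated` would make that intent explicit. The same lines are added in the atomics/T1555/T1555.md hunk; if both files are generated from a shared test definition (not visible in this diff), the change belongs there as well.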