From f8cd169ca3e235e0c0e10b10d68f7bc05ce41c71 Mon Sep 17 00:00:00 2001
From: Andrew Beers
Date: Wed, 20 May 2020 10:58:20 -0500
Subject: [PATCH] Move test to T1105 (#1000)
---
 atomics/T1055/T1055.yaml | 17 -----------------
 atomics/T1105/T1105.yaml | 17 +++++++++++++++++
 2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/atomics/T1055/T1055.yaml b/atomics/T1055/T1055.yaml
index 7e02c2b3..836bc2f6 100644
--- a/atomics/T1055/T1055.yaml
+++ b/atomics/T1055/T1055.yaml
@@ -128,20 +128,3 @@ atomic_tests:
 name: command_prompt
 command: |
 .\bin\#{exe_binary}
-
-- name: svchost writing a file to a UNC path
- auto_generated_guid: fa5a2759-41d7-4e13-a19c-e8f28a53566f
- description: |
- svchost.exe writing a non-Microsoft Office file to a file with a UNC path.
- Upon successful execution, this will rename cmd.exe as svchost.exe and move it to `c:\`, then execute svchost.exe with output to a txt file.
- supported_platforms:
- - windows
- executor:
- name: command_prompt
- elevation_required: true
- command: |
- copy C:\Windows\System32\cmd.exe C:\svchost.exe
- C:\svchost.exe /c echo T1055 > \\localhost\c$\T1055.txt
- cleanup_command: |
- del C:\T1055.txt >nul 2>&1
- del C:\svchost.exe >nul 2>&1
diff --git a/atomics/T1105/T1105.yaml b/atomics/T1105/T1105.yaml
index cd40a7b3..a6beb168 100644
--- a/atomics/T1105/T1105.yaml
+++ b/atomics/T1105/T1105.yaml
@@ -290,4 +290,21 @@ atomic_tests:
 del AtomicTestT1105.js /Q >nul 2>&1
 del AtomicTestFileT1105.js /Q >nul 2>&1
 popd
+
+- name: svchost writing a file to a UNC path
+ auto_generated_guid: fa5a2759-41d7-4e13-a19c-e8f28a53566f
+ description: |
+ svchost.exe writing a non-Microsoft Office file to a file with a UNC path.
+ Upon successful execution, this will rename cmd.exe as svchost.exe and move it to `c:\`, then execute svchost.exe with output to a txt file.
+ supported_platforms:
+ - windows
+ executor:
+ name: command_prompt
+ elevation_required: true
+ command: |
+ copy C:\Windows\System32\cmd.exe C:\svchost.exe
+ C:\svchost.exe /c echo T1055 > \\localhost\c$\T1055.txt
+ cleanup_command: |
+ del C:\T1055.txt >nul 2>&1
+ del C:\svchost.exe >nul 2>&1
\ No newline at end of file
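Review bot: The test now lives under T1105, but its `command` and `cleanup_command` still write and delete an artifact labelled with the old technique ID, so anyone triaging the resulting telemetry or a leftover file will attribute it to T1055. The marker and file name should follow the move: `C:\svchost.exe /c echo T1105 > \\localhost\c$\T1105.txt` and `del C:\T1105.txt >nul 2>&1`. The description also says the test will "rename cmd.exe as svchost.exe and move it", while the command uses `copy` and leaves the original in place; wording such as "copies cmd.exe to `C:\svchost.exe`" matches what a defender will actually see in file-creation events. The write depends on the `c$` administrative share being reachable on localhost, which the entry does not state as a prerequisite, and the file now ends without a trailing newline.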