From 7b0ba0b3411e13bb8709e8e01858678fc049cd30 Mon Sep 17 00:00:00 2001
From: Atomic Red Team GUID generator
Date: Wed, 17 Jan 2024 21:46:21 +0000
Subject: [PATCH] Generate GUIDs from job=generate-docs branch=master [skip ci]
---
 atomics/T1543.003/T1543.003.yaml | 1 +
 atomics/used_guids.txt | 1 +
 2 files changed, 2 insertions(+)
diff --git a/atomics/T1543.003/T1543.003.yaml b/atomics/T1543.003/T1543.003.yaml
index 99781b4b51..b4b9c24c2e 100644
--- a/atomics/T1543.003/T1543.003.yaml
+++ b/atomics/T1543.003/T1543.003.yaml
@@ -175,6 +175,7 @@ atomic_tests:
 sc.exe \\#{remote_host} stop #{service_name} >nul 2>&1
 sc.exe \\#{remote_host} delete #{service_name} >nul 2>&1
 - name: Modify Service to Run Arbitrary Binary (Powershell)
+ auto_generated_guid: 1f896ce4-8070-4959-8a25-2658856a70c9
 description: |
 This test will use PowerShell to temporarily modify a service to run an arbitrary executable by changing its binary path and will then revert the binary path change, restoring the service to its original state.
 This technique was previously observed through SnapMC's use of Powerspolit's invoke-serviceabuse function.
diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt
index 2958a6dd2a..8308024bcf 100644
--- a/atomics/used_guids.txt
+++ b/atomics/used_guids.txt
@@ -1541,3 +1541,4 @@ f89812e5-67d1-4f49-86fa-cbc6609ea86a
 062f92c9-28b1-4391-a5f8-9d8ca6852091
 14d55b96-b2f5-428d-8fed-49dc4d9dd616
 e5eedaed-ad42-4c1e-8783-19529738a349
+1f896ce4-8070-4959-8a25-2658856a70c9