From 36bdfd47311c61b802f8db290dd4f06a9b7c937f Mon Sep 17 00:00:00 2001
From: Superbug <evren@superbug.co>
Date: Thu, 4 Oct 2018 15:48:16 +0300
Subject: [PATCH] Some Powershell bugs fixed. (#369)

* Some Powershell bugs fixed.

* Update T1112.md
---
 atomics/T1112/T1112.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/atomics/T1112/T1112.md b/atomics/T1112/T1112.md
index 9382b02d..26fb413a 100644
--- a/atomics/T1112/T1112.md
+++ b/atomics/T1112/T1112.md
@@ -109,6 +109,7 @@ for ($p = 0; $p -lt ($ProfileList | Measure-Object).count; $p++)
             Write-Verbose -Message 'Attempting to modify registry keys for each profile'
             #####################################################################
             reg add "HKEY_CURRENT_USER\$($ProfileList[$p].SID)\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t REG_DWORD /v HideFileExt /d 1 /f
+	}	
     }
 }
 
@@ -116,6 +117,7 @@ Write-Verbose 'Unloading Registry hives for all users'
 # Unload ntuser.dat        
 ### Garbage collection and closing of ntuser.dat ###
 [gc]::Collect()
-reg unload "HKU\$($ProfileList[$p].SID)"
+cmd /c start reg unload "HKU\$($ProfileList[$p].SID)"
+
 ```
 <br/>