Hide Navigation Hide TOC

Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)

Changes made to a Registry Key and/or Key value (ex: Windows EID 4657 or Sysmon EID 13|14)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	1
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Multi-Factor Authentication Interception - T1111 (dd43c543-bb85-4a6f-aa6e-160d90d06a49)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf)	Attack Pattern	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d)	Attack Pattern	1
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	1
Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d)	Attack Pattern	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	1
Authentication Package - T1547.002 (b8cfed42-6a8a-4989-ad72-541af74475ec)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8)	Attack Pattern	1
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	1
Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32)	Attack Pattern	1
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Indicator Blocking - T1562.006 (74d2a63f-3c7b-4852-92da-02d8fbab16da)	Attack Pattern	1
Change Default File Association - T1546.001 (98034fef-d9fb-4667-8dc4-2eab6231724c)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	1
Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Print Processors - T1547.012 (2de47683-f398-448f-b947-9abcc3e32fad)	Attack Pattern	1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Active Setup - T1547.014 (22522668-ddf6-470b-a027-9d6866679f67)	Attack Pattern	1
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	1
Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe)	Attack Pattern	1
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc)	Attack Pattern	Windows Registry Key Modification (da85d358-741a-410d-9433-20d6269a6170)	mitre-data-component	1
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	2
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c)	Attack Pattern	2
Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	2
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf)	Attack Pattern	2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d)	Attack Pattern	2
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04)	Attack Pattern	2
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	2
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	2
Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	2
Authentication Package - T1547.002 (b8cfed42-6a8a-4989-ad72-541af74475ec)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8)	Attack Pattern	2
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc)	Attack Pattern	2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42)	Attack Pattern	2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32)	Attack Pattern	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Indicator Blocking - T1562.006 (74d2a63f-3c7b-4852-92da-02d8fbab16da)	Attack Pattern	2
Change Default File Association - T1546.001 (98034fef-d9fb-4667-8dc4-2eab6231724c)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	2
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	2
Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Print Processors - T1547.012 (2de47683-f398-448f-b947-9abcc3e32fad)	Attack Pattern	2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	2
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Active Setup - T1547.014 (22522668-ddf6-470b-a027-9d6866679f67)	Attack Pattern	2
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe)	Attack Pattern	2
Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2